The evil maid software swap.
I keep the SD card in a safe inside a tamper evident bag far away from the device.
Any other attack vectors? I think the RPi being corrupted by the manufacturer has been mostly debunked.
Discussion
Also, reflash if you are suspicious.
Otherwise, I use SeedSigner often and have nothing against it like some of the other HWW vendors… :)
They serve different purposes, where in an HWW the responsibility for seed protection is on the SE, with SS it expects you to protect the seed yourself.
The former is better for carrying wkth you, but the latter works well when you are trying to build a larger multisig affordably (since you need a physical copy either way)
I do reflash and verify on Sparrow every few months if there hasn't been a new firmware release.
I suspect that this type of attack will become more prevalent when after more adoption, a greater number of people will know about HWWs, signing devices and steel back ups. Right now, in my African country of 50M+, I guess less than a thousand have even heard or seen a photo of a SS. The number who even own one here will be less than 100.
Of those, the number of people with an ability to corrupt the firmware with an evil maid / dark skippy type attack is very very small. Never mind even knowing that I possess such a device.
Something to worry about more intently in the future.