Ledger claims Trezor Safe devices, despite upgrades, are still vulnerable to supply chain attacks targeting their microcontrollers.