Let's assume a seed phrase was generated securely and the hardware wallet gets a malicious update to extract the seed phrase later on.
Would a seed phrase extraction only require the hardware to be malicious, or also the software running on the host system to have malicious code to send the extracted seed phrase to the attacker's server?
What are the possibilities in such cases?
Hi @a_nice_person,
A malicious firmware update should be out of the game. The firmware is digitally signed and the bootloader won’t run code if the signature does not match.
That’s a reason why I choose TS5, also with the Secure Element chip. It proves that it was truly made by Trezor (key attestation), plus provides another security encryption layer and PIN protection. This way I know that the HW was not tampered with, and in the same way the SW firmware is not tampered with.
And even if this would fail in future by some newly discovered HW vulnerability allowing SEED extraction which can’t be fixed by SW firmware, then hey, you don’t need to care. You can have SD card protection, so you have an externally stored encryption key for the Trezor Safe internal memory. Just don’t leave the SD card inserted in the Trezor all the time.
I feel safe with Trezor Safe 5
The question is if they would need to compromise both Trezor Suite and the Trezor device, or only the HW?
Is Trezor Safe 5 more secure than Trezor Safe 3?
IMHO Trezor Suite is not relevant here. The firmware signature is checked by the Trezor HW device during each start (secure boot). Breaking the “seal” with custom firmware should be irrecoverable, and you would notice that by the displayed warning.
Well, it depends - for me yes, as I feel safer with SD protect. Does it matter for everyone else - probably not, as they could consider the Secure Element chip and Passphrase good enough. I also feel & sleep well when I know that a better MCU is used in TS5 (a trained eye can maybe notice some inconsistencies in the TS3 product page picture and description). Again, I can imagine nobody else cares about internals, because Trezor Company produces great and well-designed secure products. And if some hypothetical TS7 with TROPIC comes out - will I buy it if I’m happy with TS5? Sure, because I want to support this company and their relentless innovation and responsible open design.