It is quite scary that they were able to create a clone of the exact same components and hardware as a genuine device and even backdoor it and extract the seed.
That is the open source model of TREZOR and why we all love it.
As far as I know TREZORs are not delivered with working firmware now. You have to do an update and you should not trust your new TREZOR if it is pretending to have the newest firmware. Wouldn't that take care of the backdoor?