The coordinator app generates a QR code from the unsigned transaction for the hardware wallet to sign. The hardware wallet generates another QR code with the signature.
If the hardware wallet has been hacked to change the data in any way, the coordinator app won't accept the signature, because the signature won't be mathematically correct for the transaction on the coordinator app.
That's a really important concept to understand.
The Bitcoin blockchain is susceptible to key leakage via the OP RETURN field and a narrowband subliminal channel based on brute-forcing the random factor of the signature scheme.
That's a really important concept to understand.
https://www.annessi.net/data/2018-subliminalblockchain_preprint.pdf