::
> How do we protect against this as a consumer?
Simple. Install firmware
> All Trezor devices are distributed without firmware installed – you will need to install it during setup. This setup process will check if firmware is already installed on the device. If firmware is detected then the device should not be used.
– ***[Trezor Online Manual](https://trezor.io/learn/a/authenticate-trezor-model-t)***
As the article clearly states. Once you install firmware you get the red ***UNSAFE*** boot screen. This is your indication to throw it away. What’s more, Trezor always (AFAIK) ship with OLD bootloaders, so you can verify that your firmware flash upon unboxing increments the bootloader version. Once you get off the hacked bootloader all the warnings would be re-enabled and you’d know you bought junk.