Why don't you watch the video? They have code running on the MCU. They explain the super secure magic value that the firmware checks against.
I've watched the video, thanks. At no point do they demonstrate anything running on the Ledger outside of Bootloader mode. They do not demonstrate they can extract PINs, seeds, private keys or coins, or that they can sign malicious transactions with or without a user keypress. They do
state they have a method for this, but they do not
demonstrate it. They also state, at 27:40, that another YouTube channel will walk through their method/process. That video is available here:
https://www.youtube.com/watch?v=nNBktKw9Is4. Again, it is a good video and well worth the watch, but he also states at 09:15 that this is all theoretical and he does not have a working proof of concept.
I'm not trying to be obtuse or confrontational here, and please link me to sections in the video that I may be glossing over, but my point was that this is all theoretical. At no point to they demonstrate they can actually compromise the device.