The second one is (more) interesting, IMHO. The entries on how most of the keys have some defect or other are worth reading, since mostly nobody is looking at this stuff.
The relevant paragraph on Feitian:
Feitian ePass
ASN.1 DER is designed to be a “distinguished” encoding, i.e. there should be a unique serialisation for a given value and all other representations are invalid. As such, numbers are supposed to be encoded minimally, with no leading zeros (unless necessary to make a number positive). Feitian doesn't get that right with this security key: numbers that start with 9 leading zero bits have an invalid zero byte at the beginning. Presumably, numbers starting with 17 zero bits have two invalid zero bytes at the beginning and so on, but I wasn't able to press the button enough times to get such an example. Thus something like one in 256 signatures produced by this security key are invalid.
Also, the final eight bytes of the key handle seem to be superfluous: you can change them to whatever value you like and the security key doesn't care. That is not immediately a problem, but it does beg the question: if they're not being used, what are they?
Lastly, the padding data in USB packets isn't zeroed. However, it's obviously just the previous contents of the transmit buffer, so there's nothing sensitive getting leaked.
It would be difficult, but the one thing I've learned to trust in security is that there's no such thing as a system that can't be broken.
For U2F, the first thing that comes to mind is timing channels, or perhaps building in a radio and letting anyone nearby use the key as if it were theirs.
The existence of a hidden radio should be trivial to confirm - at minimum it would require a battery and an antenna.
If I we're the paranoid type, I'd avoid bluetooth security keys all together. NFC should be fine for use with a mobile phone, and while there are attacks that let you read NFC from a few meters away, if you credibly think you have an adversary who can identify you in public, and has this type of specialized hardware, you're dealing with someone who would have a much easier time just throwing you in the back of a van to extract whatever they wanted out of you.
I don't think the article is talking about some random third party diddling the devices to install a backdoor. I think it is talking about the manufacturer building in a backdoor.
I don't see anything in the U2F FIDO spec that can prevent that.
How exactly do you expect anyone to backdoor these devices?