Except that reading through this article it starts with a breakdown of OPSEC 101 ----- if you have a machine which already contains malware you are PWN'd anyway. There is little to no way to infect an air gapped machine without significant operator error. One such error would be to allow your smartphone to even be in the same room while using an air gap configuration. At work they didn't allow us to bring phones anywhere near the inside of the building. Just one example. So using Electrum as another example; if the user doesn't GPG verify the downloaded software and stupidly places corrupted software on his air gap machine is the cold wallet process being broken? NO. If the user is running Windows in my view that is also a discredit of the process being weak, when its the OS that is the culprit. There are super secure ways to sign transactions using OFFLINE camera images where you physically plug the camera into the air gap machine and transfer what is needed in both directions. The OFFLINE camera is never online in its lifetime. Slower than USB and requires some knowledge of what is needed to sign a transaction, but is very doable for those that learn the process. I still like an actual hardware wallet with strong BIP passwords, which are not stored on the device so there is nothing to hack. .02