Re: Hardware - cost
I agree it has a cost. But it has been done.
Read this (very) recent BoingBoing article:
https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html
The point being that the Intel Management Engine and the AMD equivalent have legitimate commercial uses in remote management of servers and desktops. It is convenient to be able to send a Wake-on-LAN packet to wake up a desktop at night, apply patches, do a hardware inventory etc. But the very same system can be used to subvert the PC. As has been pointed out, Intel are very cagey about the Management Engine, firmware is cryptographically signed, and the processor it runs on is (a) separate to the x86 CPU, but on the same chip and (b) has full memory access without the x86 chip knowing about it.
So it is not as if there is an extra development cost for the hardware now. It has been done. 'All' that is needed is the modified firmware that does what the intelligence community wants.
I do not think for one minute that the NSA is bugging every modern PC on the planet. I'm not that stupid. But with this, they have the capability to choose to exfiltrate information from any one of pretty much all modern PCs that get connected to the Internet. Yours probably has not been targeted. Mine probably hasn't. But key PCs of interest almost certainly have.
Feel free to dismiss me as a wild-eyed loon. But please do read the articles I link to, and have a think about the technical issues around this. Ask, "Is it possible?". And ask "If it is possible, would the NSA do this?". The intelligence budget the USA have is not small.
The technology of hardware backdoors is fascinating. How about dopant level backdoors:
http://www.extremetech.com/extreme/166580-researchers-find-new-ultra-low-level-method-of-hacking-cpus-and-theres-no-way-to-detect-it
http://thehackernews.com/2013/09/Undetectable-hardware-Trojans.html
"Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.”
The US military and intelligence community do worry about this sort of thing, which is why they have 'Trusted Foundries'
https://www.nsa.gov/business/programs/tapo.shtml
The list of trusted suppliers is publicly available if you follow a couple of links from the above.
"A key part of the DoD Trusted Foundry program is that it uniquely provides the US Government with guaranteed access to leading edge trusted microelectronics services for the typically low volume needs of the US Government. DMEA and NSA co-fund the Trusted Foundry program to facilitate this. The Trusted Access Program Office (TAPO) facilitates and administers the contracts and agreements with industry to provide US Government users with:
Leading edge foundry services including multi-project wafer runs, dedicated prototypes, and production in both high- and low-volume models"
A library of standard IP blocks
Limited packaging and test services"