For anything important, the manufacturer is going to have a way of getting root so enough front-doors exist already, and how well does that company protect its key?

The bottom line is that if the answer to this question is important, assume yes, and for all threat actors.

Is the massive problem you see that the Chinese might be doing this or that the company that sold/gave you your device absolutely is?

>Maybe the NSA is on this and spends a lot of time reverse engineering consumer electronics but sadly I tend to doubt it.

It's more likely the CIA[0] is exploiting consumer electronics that the NSA -- the Joshua Shulte trial cast a lot of light on the tools folks deploy locally.

There's a LOT more of these exploits that need a human in the loop to deploy -- I'd be more worried about who you let near your electronics than where they were made.

I don't think anyone is deliberately inserting backdoors, but existing business pressures lead to rushed, sloppy code which due to the nature of the internet of things is difficult or impossible to patch.

While these devices may be manufactured in China, they are designed all over -- Korea, Taiwan, and of course, right here in the USA.

Keep in mind how hard it is to avoid "showing your hand" if you have access to information -- even if "The Chinese" (or "The NSA" or any other entity) had some godlike ability to spy, you need a human analyst to listen to the interception. Perhaps a second to translate it. And then someone needs to decide what to do with it. Multiple that by soooo many interesting people having interesting conversations...

I'd focus on things like using E2EE comms, MFA on your accounts, etc rather than some boogieman exploiting nation level tradecraft to own you in particular.

https://en.wikipedia.org/wiki/Joshua_Schulte#Leaks_of_classi...