I agree that they are probably subverting endpoints. Nobody has mentioned it yet, but I suspect that differential power analysis plays a big role. The published attacks using DPA have been both devastating and trivial.
The allegations of widespread hardware backdoors are ludicrous. The backdoors would eventually become public, requiring the replacement of billions of dollars worth of equipment, and the several times that cost in audits. Only a spymaster with a suicidal death wish would chain his career to that. More likely is that people are misinterpreting backdoors in a few chosen endpoints, which we can take as standard operating procedure.
The allegations of widespread hardware backdoors are ludicrous. The backdoors would eventually become public, requiring the replacement of billions of dollars worth of equipment, and the several times that cost in audits. Only a spymaster with a suicidal death wish would chain his career to that. More likely is that people are misinterpreting backdoors in a few chosen endpoints, which we can take as standard operating procedure.