If they have access to the manufacturers, it would be the simplest, minimum-effort, minimum-risk approach. It is also what I would do, given the chance.
Taking into account what we have learned this year about the extent of the activities of the intelligence services, I think we have to assume that somebody (Whether the NSA, the FSB or somebody else) has compromised the manufacture of at least part of the electronics and/or software supply-chain.
I am not too sure what it would take to audit the software and hardware components in common use today?
Taking into account what we have learned this year about the extent of the activities of the intelligence services, I think we have to assume that somebody (Whether the NSA, the FSB or somebody else) has compromised the manufacture of at least part of the electronics and/or software supply-chain.
I am not too sure what it would take to audit the software and hardware components in common use today?