Re: If they have rooted the system...
I was actually thinking of JTAG. Lots of devices have JTAG headers, but you still need to break open the box and attach a plug to it (and if they have physical access to your device, it's game over, debug / diag ports or not - if I can plug it in and measure signals over an osmelloscope, x-ray the parts and take thermal images of what it's doing internally...).
The secure coding memo does not seem to have filtered down to the hardware design teams, who are probably still being asked to suck every last clockcycle (clocksuckers?) out of the silicon and at some point the decision will be made to trade off one against the other.
From there, fine, if someone has root access, it's very bad, but the fact that you have direct access to a tiny subset of very important data, you can start filtering out what is data or look at specific parts of the chip - say security subroutines, and just monitor that...Exfiltering terabytes of raw data is one thing, but sit there gently poking the cpu for somthing interesting then only taking that when it's detected for example to improve your tailored access?
Hanlon's razor says cockup before conspiracy, but when you do know that TLA's are out to get whatever they can, in IT starting with the clipper chip, and carrying on over the last 25 years at least... who knows.
/rant.
Biting the hand that feeds IT
