[wladimir]

I'm not sure about CPUs. They don't have direct connections to the outside world. If you want to distrust any hardware, it makes sense to focus on communication peripherals such as network cards, wifi/gsm modems etc.

For example the baseband processors in phones contain a complicated firmware of 16 MB+. This contains many hidden diagnostic modes on various subsystem levels. Baseband processors have been known to be exploited remotely, and as they have direct connection to the main CPU, giving full control over the device, including GPS, camera etc.

There have also been bugs in wired networking hardware in which specially crafted packets resulted in low-level crashes. It was not exploitable in the cases I remember, but I'm sure someone persistent enough and with the right skills may be able to find some.

None of these examples actually "phone home" in the classic sense, but my point is that these peripherals have proprietary firmware that is hardly under public scrutiny, and anything can be hidden in them.

[andor]

Also, if connected via PCI, networking hardware has direct memory access. AFAIK most GSM modems are USB devices, though.

[wladimir]

Most GSM modems are part of SoCs. Indeed for USB dongles for your PC or laptop it's different, but that's not the "baseband processor" I was talking about. It would be somewhat harder to exploit the parent system through USB (at least if the driver can be trusted), on the other hand it could temporarily pretend to be a keyboard and storage device but that'd be very OS dependent.