but we are mostly talking about a very low margin product and the volume of data that you’d need to retrieve and process to sift out anything useful would be massive and obvious so in general I think this is mostly conspiracy level thinking

Bold of you to assume they actually need to make money on these.

They also don’t need to sort through data to be problematic; they just need to be able to be remotely disabled or remotely given the order to start sniffing if they are one of the higher end systems that would be used in major infrastructure (that could process at volume).

Sure a researcher could stumble upon something… But closed source, embedded deep in the hardware, etc the number of researchers working at that level is not all that high AFAIK. The research is also from my understanding very very difficult at that level. It would be borderline equivalent to reverse engineering the Intel remote management engine or something.