Researcher finds Chinese KVM has undocumented microphone, communicates with China-based servers

It was pointed out to me before that one will never solve physical attacks with software. I am not aware of any applied research in this area either to counter that argument.

Short of physical mitigations (at scale for mass-produced hardware) like inspection,[1] / policy+law,[1] I don’t think there’s another viable solution to this.

Some folks do think hardware-based attacks are less likely on consumer-grade devices… How to Prevent OEM Software and Hardware from Spying on You? - #9 by pinkandwhite (I am not that optimistic).


  1. “That is pretty unlikely and would show up in physical inspection, servicing. Also any device sold in the US with cellular access needs a FCC authorization so there isn’t any way to legally hide this in a device.” How to Prevent OEM Software and Hardware from Spying on You? - #10 by dngray