If I were in charge of, say, the Mossad, I would have as a significant part of my budget purchasing every single Bluetooth device on the market, and set a bunch of underemployed Israeli CS grads to work at finding these vulnerabilities, and then putting them into an easily deployed toolkit. You want an asset with access to, say, an Iranian government office, to be able to walk through the building with a phone and take control of as many machines as possible.
Now that I think about it, I think you have to assume that they probably DO do this...
This is kind of backwards. There aren't as many CS grads in Israel in the first place, because they already put their top talent through 8200. It's essentially a fully socialized Masters of computer engineering, and as a SIGINT shop they are learning this sort of thing. Once their 2-3 years of service is over (which doesn't result in student loans), the government makes a lot of seed funding available for startups and the TLV ecosystem is like a mini Bay Area.
Living with your parents is more socially acceptable, so they have a huge chunk of people in their 20s with no debt, low monthly expenses, strong technology expertise from their military service, in a founder hot spot, and access to capital. The result is a lot of unicorns, particularly around cyber security (https://www.techaviv.com/unicorns).
Compare to the United States, where you have to dedicate 4 years to an undergrad program, go massively in debt, pay rent, and then struggle to find seed funding. The mental model of "oh, I guess we could apply some of the detritus of our failed system" misses the idea of having a successful system in the first place.
An exercise like this sounds like it would be a rounding error in any country's national security or intelligence budgets. And now with AI you could probably automate the initial screening of devices for promising candidates for further manual exploration.
I would be kind of surprised if this wasn't standard practice, unless it's not nearly as productive as one might imagine it to be, and thus maybe not worth the effort. But cases like this show it could be pretty fruitful, but I suppose that depends on how it compares to whatever other methods intelligence agencies have that we may not know about.
Just a thought, but: maybe it’s even easier to (as well as do what you suggest, which is a good idea) build and sell buggy (i.e. backdoored) devices.
What’s easier, marketing or finding bugs :-)
(Not a rhetorical question)