Hardware backdooring is possible - By Jonathan Brossard
(This one more recent from nullcon, made a splash from DefCon 20 earlier).
It's not really much of a stretch that an agency (commercial, criminal or government) that dedicated a few man-years of work could come up with something along these lines.
There's really only one-and-a-half "out there" claims: the "half" being networking via audio, the "one" being cross-platform.
It'll be interesting to see if they manage to grab a dump of the malware and we can get more eyes looking at it...