Basically all consumer hardware has some kind of backdoor for the intelligence agencies. They're also known to sit on exploits for applications and whatnot for their personal usage. When EternalBlue (the "NSA spy tool") was leaked a couple of years ago, it was noted that it utilized a Microsoft exploit to compromise systems. Clearly they were aware of it, but they kept it mum for their own personal usage.
I've posted it before, but you can search publicly accessible IoT devices on
shodan.io . I can almost guarantee you they maintain an enterprise subscription for trolling the web for access points. They have some really bright minds, but their toolsets aren't as secretive as you might think. It's more the leeway to not cut against the law that makes them more powerful than your general Security Researcher.