i have a question: say i wanted to build a global monitoring system using devices that consumers purchase themselves (TVs, computers, cell phones, digital cameras, printers, fax machines, answering machines, telephones, etc. anything with a wired or wireless capability)....and say i wanted to set up a central command someplace in the us or where ever with a bank of computers each that has the capacity to link into any device any time as long as that device had wireless capabilities, regardless if the user checks connect to wifi box or not. so basically, a program to hack into user devices using legitimate "updates" and versions as a means by which to download programs and upload the activity for any given device on a regular and non-red-flag-raising way....but a program that could piggyback itself on source code in a hidden directory of secondary source code (a surveillance trojan i suppose) that deployed itself throughout the user's machine without the user being able to detect it even if they looked for it because the directory was a hidden one that could not be accessed via sudo/root commands because it was under an entirely different set of privileges and permissions. the user could not even do a show hidden files cmd because the parallel directory was written to be latent and invisible and operate piggy backing on other legitimate processes and applications. but more, to write a program that allowed anyone surveilling your machine to have remote access to not only look through the contents of your machine, but to turn apps on without your knowing, like the remote desktop and remote management apps, like java virtual machine and vnc....like isight and audio functions....theoretically, there are enough configurations in linux unix bsd osx etc to potentially write the right kind of source code to exploit and manage something like this, right? so it would be a dual system with a top layer of functionality that is in the user's control...and a bottom layer of functionality that the user does not even know about. is it possible to write a program to do something like this? how long would it take? what kinds of bugs or problems might be anticipated? this is assuming that the manufacturers of the devices are aware of this and have built the devices to specifics that optimize this sort of thing. say they've entered into a security contract with a client who wants to monitor a population 24/7 without the population knowing and without spending any more money than is necessary to get it up and running.