Right - I'm only considering exploits possible in currently existing hardware. Embedded radios or embedded ethernet for that matter are a much more obviously viable vector.
Although I'm sure you remember that thread where claims were being made that Core chips already had embedded backdoor radios -_-
Yeah... analog just looks so... different from digital. Even if Intel were to fudge their die shots, or stop providing them altogether (unlikely, given how much Intel likes to show them off), a place like Techinsights or Chipworks would pick up on that immediately. Intel's "digital radio" still uses a bit of analog, and even if it didn't, it still doesn't look even remotely similar to the rest of the circuits they use. It's not even remotely ready for prime time either.
Plus, there's the fact that Intel doesn't even have their cellular transceivers on their manufacturing processes anyway. Massive roadblock there, lol. And if they wanted to just do wi-fi, they'd be able to tap next to nothing.
And that's just the tip of the iceberg...
Anyway, the only thing I could think of as far as a "hardware vulnerability" goes is some way of snooping encryption keys. I don't know the software side of things well, so it may not be possible. But for whatever reason, my mind immediately jumped to the idea of non-volatile memory on board that could store the keys, but that would require physical access to the hardware and would be perhaps the most inefficient way possible to gain access to encryption keys. An encryption vulnerability would be really easy to work around too...