Posts by Jonathan Hunt
-
Hard News: The Huawei Question, in reply to
As a coda to this pre-Snowden speculation, see "Greenwald: how the NSA tampers with US-made Internet routers" http://catless.ncl.ac.uk/Risks/27.92.html#subj2
-
Hard News: The Huawei Question, in reply to
there is always the possibility that such a packet could be generated through ordinary use.
The awake sequence can be small but sufficiently complex as to not likely occur in regular traffic; and it has to be sent to a specific device and port to do its thing (not necessarily port 80). If an awake sequence was encountered at random it might enable the monitoring but if no further commands are received it may simply do nothing. Even if it locked up a device, the standard response would be to restart or replace, not undertake an investigation.
I was talking CPE. Aren't many of the ADSL modems and 3G modems distributed by Vodafone by Huawei? But in any case, a network router can still be directed to hunt for specific patterns of interest, or monitor a specific IP or port, without having to take the whole stream.
It would be quite feasible to have a backdoor in silicon that can have the monitoring software delivered over the wire to run in local memory then be deleted. That way you can deliver precise code to do just what you want with very little detectable surface in silicon.
-
Hard News: The Huawei Question, in reply to
Obviously a network-wide monitor would be easily detectable traffic-wise. But a dormant trojan that can be awakened as necessary by sending a specific command sequence would be straightforward to hide and might only return small amounts of data so be essentially undetectable under most conditions.
-
Hard News: The Huawei Question, in reply to
I think it’s a given that the NSA has gone over the source code in Huawei hardware with a fine-toothed comb, but there doesn’t seem to be anything there.
I'd be impressed if the NSA had access to the source code of Huawei's products. Is there any evidence of this? More likely, they can probe the chips and seek to determine patterns of behaviour, and possibly try and reverse engineer code but not from source.