I have 10 Supermicro machines sitting in the room next door, bought through the years. If someone would tell me where to look I'd be happy to tear them down, but without any specifics, such as the serial numbers or SKUs of affected hardware it seems a bit thin. Though the hack itself sounds totally believable, compared to Van Eck Phreaking or powerline exfiltration it sounds pretty easy.
I've got an X10SAE and X9SRA I could check, but I would be surprised if the same thing targeted the consumer market. It seems like looking for redundant SPI flash and/or unpopulated/half-populated footprints would be a start. Although I've got to wonder if the implant was really using a redundant footprint for the flash, why it wasn't just in the appropriate package rather than the custom jobber Bloomberg implies.
Frankly I've got to reread that original article. It gave me a headache with the continual reiteration/illustration of just how small the implant was, and other anti-informative cruft. Wait until they find out about the size of transistors inside CPUs...
SPI works by paralleling all of the shared lines, and each chip having its own CS line. So you can't really enumerate like that, without already having enumerated the CS lines.
I2C works closer to how you're thinking, but even there a hostile implant doesn't need to have an protocol-dictated address to corrupt someone else's traffic.
