An ethernet<->usb dongle that an ISP tech support guy is likely to have is more likely going to be a single purpose translator without upgradable firmware (because this makes it the cheapest possible, and these types of devices rapidly fall to the "cheapest possible" price point).

You also did not say what OS you are running on your laptop. If it is any later version of MS Windows, then you have infinitely more to worry about from Microsoft OS level spyware/malware/adware provided in a future Microsoft OS update than from a USB<->Ethernet dongle a random ISP tech. guy happened to have.

> that sophisticated could very easily get baked into brand new hardware at the fab without anybody knowing.

While possible, this is unlikely baked into /every/ device. It would more likely be a /special run/ at the request of Spy agency X and targeted for a specific shipment to a particular target. If for no other reason than the fab is going to want to be paid extra for the /special service/ provided.