No one remembers CIH??? And that was such a HUGE thing for a while. Of course, it only turned the machine into a brick. But the concept is the same. CIH wasn't even the first, but notable because it wasn't a buried-in-the-back-pages thing either. CIH was the impetus for the dual copy "BIOS protector" that I think is still marketed on some motherboards to this day.
You're not that smart, or ahead of your time at least, 'cause CIH was the talk of the town over 10 years ago. EFI sucks balls for sure, but it really isn't what makes this shit possible.
Finally, I think this story is being a little inaccurate for my tastes and kind of conflates hardware with software (and I will admit the line can be very hazy), but there is a practical and economic difference between a ROM with a backdoor that relies on the "trust" of the host to execute its code, and a backdoored piece of hardware that handles data (say a CPU or a disk controller) that spies passively or actively affects data that it is entrusted with.
The key difference is in what is "trusting" what, and what mechanisms are failing. To a systems designer there is a difference. Moreover, even if you say to this, well, I'll just audit my ROMs for backdoors (prevent untrusted ROMs), you are still screwed, because how the fuck can you trust the CPU in the box? How do you know the CPU (or GPU, as people have mentioned) doesn't execute what it wants despite what you tell it? The ROM problem is really just the software trust problem moved into a chip... the latter is different, and something that has been talked about for years. Read the old Gutmann papers from 20 years ago on secure deletion. Not new.