If you're not familiar with the iPhone platform and you're interested in just one technical detail to help navigate these stories, let it be this: the iPhone 3G platform bears very little resemblance to the modern, post-touch-ID phone. The platform security system at every level, from boot chain to hardware domains to OS security, evolved more in the last 10 years than any previous platform had in 20 years prior.
That doesn't make an iPhone 7 impregnable, but it should inform any analysis you do of stories about phones being tampered with "starting in 2008"; that's a little like talking about SMTP server security "starting in 1993".
I have not read the leaked docs, however from the description it sounds like the good old 0x24K bootrom exploit[0] which lasted through the earlier revisions of 3GS until it was patched in hardware. There were a few bootrom exploits but by the time iPhone 5 came out, this vector was mostly gone if not entirely and every jailbreak since then required an initial priviledge escalation in the userland.
Its one thing to state that the current version of the iOS is 'more resilient to intrusion/usurpation than an other version', and its another thing entirely to understand that Apple, Inc., itself .. may not be as resilient as required in order to validate the position that 'we can stop worrying about the CIA'.
We should not 'stop worrying about the CIA' just because Apple came to the rescue and already fixed the bugs.
We should, in fact, continue to apply pressure to such vendors of digital enslavement as Apple, and the rest of the sordid gang, to provide real evidence that "Things are Okay™", when asked.
I have no idea how you would begin to demonstrate that a body of source code as big (in both lines of code and length / size of the development project) as iOS, Android/Replicant/Lineage, or any other modern operating system contains zero backdoors, especially when your threat model involves the software authors helping you over a period of many years to weave those backdoors into the OS and obfuscate them as much as necessary.
I also have no idea how to audit a physical phone I have received from an Apple Store to make sure that the hardware and firmware faithfully implement what they are supposed to be implementing.
I still wonder how much it would have cost the FBI to crack the passcode/phrase on a phone with secure enclave. I also wonder if an agency like the NSA has capabilities around these devices and would they be willing to expose such capabilities in another similar scenario. A final musing of mine is if they wouldn't just claim some group or another did it for $X,000,000 dollars to make it all seem plausible (e.g. the cost and attack scenario on the 5c was plausible and probably required desoldering the storage, but that won't help on a device with the enclave system).
The encrypted by default iOS 4 and the whole design around passcode handling in that release was the start of a very strong security posture for Apple and their iOS devices.
Sadly, I can no longer update my comment, but please note that the iPhone 5S, 6, and 6+ are equipped with Secure Enclave.
As recently as last April, the FBI was claiming they could not access 5S or newer models[1] (at least with the hack they reportedly bought for over $1 million[2]).
I always find it fascinating to read and understand the mistakes or yesteryear. Many of the same architecture flaws can be found in systems today, and likely tomorrow. Bugs, on the other hand, are fun because we tell ourselves we would never make those mistakes, and then proceed to make them.
As an iPhone 3G user who spends a lot of time bouncing between countries, this makes me think I should upgrade to something more recent the next time I'm headed anywhere there's a risk customs may inspect my devices.
Customs is a different threat model: they have the ability to say "Please unlock your phone and show us what's on it." You can refuse, although that might get your device confiscated or your trip delayed or cancelled. The CIA's threat model in the leaked documents involve silent software exploits. There's no involvement with the human owner of the device.
It's very important to understand the silent-exploit threat model! That's the model used when someone is being investigated as a terrorist (or freedom fighter) and the government doesn't want to make them aware they're being surveilled, because they might change their plans.
In particular, the 3G is going to be highly vulnerable to silent exploits because of the lack of software updates, but that's not your concern at the border. Your concern is the lack of Secure Enclave on the 3G. That means that if they take your phone from you, they can image the contents of it fairly easily, without needing a fingerprint or passcode from you. If you get a newer phone, enable encryption, and use a strong passcode instead of a fingerprint, you can reboot the phone before a border crossing, and then the data is strongly protected unless you choose to give up your passcode.
For the customs threat model, you might also want to bring a different phone with limited data when traveling. It might make sense to have a powered-off phone with a Secure Element somewhere separate from you (e.g., shipped via post), and just use the 3G for contacting folks while in transit, wiping all interesting data from it. In theory, this means your secure phone could get confiscated but you can't be compelled to unlock it (since you're not physically with it). I'm curious if other folks on this forum think this is a reasonable plan.
... Also, the easy vulnerability to silent exploits is probably a huge threat for you for non-government attackers, which are a much more common attack.
backup and wipe your phone before you travel. there are several stories now of customs compelling you to unlock the phone before allowing you to leave.
Unless you have to, leave your fancy device at home and bring a dumb(er) travel phone with you that only contains the information you need for that trip. And there's nothing stopping you from loading more information on it after you've made it through customs.
Have you heard "indefinitely" anywhere? I helped write both versions of the EFF border search guide and I don't think I've ever heard of "indefinitely", either as a threat or a reality.
What were the big changes? Beside the obvious changes in hardware components like different custom ARM SoC, different modem chip, added fingerprint sensor, etc. what are the software changes? I guess you use now fuzzing, static code analysis, semi-automatic proofing on some import kernel drivers. You mentioned boot chain... bootloader, RAM FS, etc. The iPhone OS started as a fork of OSX, which is based on NextStep with the interesting mix of BSD Unix with Mach. So from the OS perspective I guess it still largely resembles the same architecture that was laid out decades ago.
That doesn't make an iPhone 7 impregnable, but it should inform any analysis you do of stories about phones being tampered with "starting in 2008"; that's a little like talking about SMTP server security "starting in 1993".