I find it odd that someone would say an iPhone is “very insecure” after the USG, of all players, very publicly couldn’t get into a model from right before the security design hardened, not to mention the also very public panic in the IC about losing access to intelligence due to mobile phone developments. That’s a strange position to tout with the underlying implication that PC platforms are better.
Are you broadening “insecure” to mean “centralized, opinionated security architecture designed for tech-illiterate masses that I don’t like?” Because that isn’t what it means.
Very secure means high-assurance for both hardware and software; very insecure means no assurance for either hardware or software, with control over the system belonging to multiple third parties and whatnot, basically consumer stuff. And the threat model for this consumer stuff just doesn't include an adversary capable of intercepting all of your communication and cracking less secure protocols; this is just silly. Because with such a level of capabilities an adversary can just target a whole bunch of third parties that have control over your system, penetrate one of them and push a fake update to your system with screen-grabbing malware or whatever. By the way, this is an example of a real-world attack.
Hence the hardened part. That exploit doesn’t work against any later model, and they spent a lot of money to get into that particular phone. Even with that observation, how can one claim “very insecure?” Do you think it’s that difficult to compromise a PC with physical access? What does secure even mean to people any more?
I trust my phone a hell of a lot more than any general purpose computing platform, and I’d say the same if I owned any number of a significant collection of Android devices. This isn’t phone vs. phone advocacy, just annoyance at opinions that people disingenuously consider factual, useful observations on security.
And this was a vulnerability that concerned an iPhone 5c, which did not have a secure enclave. The iPhone 5s was the first model with Touch ID and a secure enclave.
It's like bikeshedding of security, where Moxie focuses on the things he can do but for the systems where it doesn't matter.