Comment by cyphar

We're not in disagreement (I never claimed or even implied that USB is bug-free) -- but in order to get an RCE or DMA-like access you first need to exploit the USB stack. PCIe gives you that kind of access for free by design (almost -- there is IOMMU these days but there is little evidence that it is nearly as secure as hardware vendors claim, and you'd need to have phone hardware which supports it).