Comment by fragmede

That may be true of modern systems, but it was certainly true in the past. I"ve barely even heard of Librem 5 though. And we have no idea how actually true that is on an iPhone, thanks to Apple being Apple. (There have been limited attempts with limited success at proving this due to it's more closed nature, but I'm not willing to just take Apple's word on it.) I also don't agree on the nature of the USB attack surface but that's a different digression.

Either way, what's relevant to the thread is that the firmware is a closed-source binary blob that we scarcely have access to, so unless someone does the thing to unlock it, we're ~nowhere on a cheap LTE debugger. GNURadio might have something to say about that but maybe the hackers out in Shenzen (where LTE is 'less' patent encumbered) have different/better tools/options that we never hear about.