Correct. This may not have been perfectly locked down before the secure element, but Apple’s design goal has always been that the device hardware prevents even Apple itself from retrieving encrypted data without the passcode, and that passcode should have a strictly limited number of attempts to guess.
Bugs will always be found and it’s a mistake to think even the latest iPhone is immune to attack. In particular, the baseband continues to be a large attack surface, and IMO is the vector most likely used by the Saudis to remotely access iPhones on their cellular network.
I’d feel safer if a powered off iPhone did not connect to any network (WiFi, Cell, or USB) after booting until the passcode is entered.
Bugs will always be found and it’s a mistake to think even the latest iPhone is immune to attack. In particular, the baseband continues to be a large attack surface, and IMO is the vector most likely used by the Saudis to remotely access iPhones on their cellular network.
I’d feel safer if a powered off iPhone did not connect to any network (WiFi, Cell, or USB) after booting until the passcode is entered.