I wonder how secure new Nvidia "security" features like MIG actually are. With people running real-time audio/video transcoders on GPUs for multiple connections, I wonder whether it is possible for particularly crafted video connections to leak the video of other channels being processed by the same GPU.
Even if one were to encrypt all connections, these will probably need to be decrypted on the GPU for processing.
The simple solution is memory isolation - let the modem be as insecure as you like, but anyone who breaks into the modem can only see your network traffic (hopefully all encrypted anyway) and nothing else.
Sadly today's Qualcomm hardware has no real memory isolation at all - any bit of on-chip hardware can see all memory.
It isn't perfect, but it's far easier to do that than to properly secure a multi-million-line codebase with a substantial amount of unpatchable hardware...
There is an IOMMU on Snapdragons, as the article says, but it is the IOMMU mapping itself which they attack.
This itself is kind of mind-boggling: how they let the device overwrite its own IOMMU configuration, effectively nullifying the IOMMU's purpose and the safeties it provides.
It's like fencing your house with 10 meter high walls, but leaving the key lying in front of the gate.
As someone else said, it's not a security barrier between the ARM core and the radio hardware bits... It's more a tool for remapping stuff to make system design easier, and as a way of protecting against evil hardware outside the SoC.
I believe it can prevent the ARM core from tampering with private radio hardware memory, but not the other way round.
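The point the thread is making about the IOMMU (that a device which can reach its own translation table can remap itself to any physical page, so the IOMMU no longer protects the host from that device) can be shown with a small simulation. The following is an added example written for this page, not code from the article or from any Snapdragon/Qualcomm driver; the memory layout, page frame numbers, page-table format and function names are all constructed for illustration and do not correspond to real SoC hardware. It models a one-level IOMMU page table that lives in physical memory and compares two configurations: one where the table's own page is mapped into the device's IOVA space, and one where it is not.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy layout: 8 physical pages of 64 bytes, device sees 4 IOVA pages. */
#define PAGE_SIZE 64
#define NPAGES 8
#define NPTE 4
#define PTE_INVALID 0xFF

enum { PFN_PT = 1, PFN_DEV_BUF = 2, PFN_HOST_SECRET = 5 }; /* assumed frame numbers */

static uint8_t phys[NPAGES * PAGE_SIZE];

/* The IOMMU page table is itself stored in physical memory (one byte PFN per IOVA page). */
static uint8_t *page_table(void) { return &phys[PFN_PT * PAGE_SIZE]; }

static void iommu_init(int map_pt_into_device)
{
    memset(phys, 0, sizeof phys);
    memset(page_table(), PTE_INVALID, NPTE);
    page_table()[0] = PFN_DEV_BUF;                  /* IOVA page 0 -> device DMA buffer (legitimate) */
    if (map_pt_into_device)
        page_table()[1] = PFN_PT;                   /* IOVA page 1 -> the page table itself (the flaw) */
    memcpy(&phys[PFN_HOST_SECRET * PAGE_SIZE], "host-secret", 12); /* constructed host-only data */
}

/* DMA address translation; returns NULL when the IOVA has no valid mapping (fault). */
static uint8_t *iommu_translate(uint32_t iova)
{
    uint32_t vpn = iova / PAGE_SIZE, off = iova % PAGE_SIZE;
    if (vpn >= NPTE) return NULL;
    uint8_t pfn = page_table()[vpn];
    if (pfn == PTE_INVALID || pfn >= NPAGES) return NULL;
    return &phys[pfn * PAGE_SIZE + off];
}

static int dev_write(uint32_t iova, uint8_t v)
{
    uint8_t *p = iommu_translate(iova);
    if (!p) return -1;
    *p = v;
    return 0;
}

static int dev_read(uint32_t iova, uint8_t *out)
{
    uint8_t *p = iommu_translate(iova);
    if (!p) return -1;
    *out = *p;
    return 0;
}

/* A misbehaving device: try to point IOVA page 2 at the host's secret page by
 * writing PTE[2] through IOVA page 1, then read the secret through IOVA page 2. */
static int device_attempt_leak(char *out, size_t n)
{
    uint32_t pte2_iova = 1 * PAGE_SIZE + 2;           /* byte 2 of the page-table page, if mapped */
    if (dev_write(pte2_iova, PFN_HOST_SECRET) < 0)
        return -1;                                    /* table unreachable: IOMMU fault, attack blocked */
    for (size_t i = 0; i < n; i++) {
        uint8_t b;
        if (dev_read(2 * PAGE_SIZE + (uint32_t)i, &b) < 0) return -1;
        out[i] = (char)b;
        if (!b) break;
    }
    return 0;
}

/* Returns 0 and fills out with the host secret when the table is self-mapped. */
int leak_with_self_mapped_pt(char *out, size_t n) { iommu_init(1); return device_attempt_leak(out, n); }

/* Returns -1 when the table lives outside the device's IOVA space. */
int leak_with_protected_pt(char *out, size_t n) { iommu_init(0); return device_attempt_leak(out, n); }

int main(void)
{
    char buf[32] = {0};
    printf("self-mapped table: rc=%d data=\"%s\"\n", leak_with_self_mapped_pt(buf, sizeof buf), buf);
    memset(buf, 0, sizeof buf);
    printf("protected table:   rc=%d data=\"%s\"\n", leak_with_protected_pt(buf, sizeof buf), buf);
    return 0;
}
```

The translation logic is identical in both runs; the only difference is whether the table's page is reachable through the table. That is the whole of the thread's complaint: an IOMMU that lets the device it is supposed to confine write its own mappings provides no barrier in the device-to-host direction, however strict its checks look.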