alt Hacker News> Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
Connecting a cellular radio via USB provides far less isolation than the approach of a tiny kernel driver connected to an IOMMU isolated cellular radio on mainstream devices. USB has immense complexity and attack surface, especially with a standard Linux kernel configuration. Forensic data extraction companies mostly haven't bothered using attack vectors other than USB due to it being such a weak point. Many of the things people claim about cellular radios in mainstream smartphones are largely not true and they're missing that other radios are implemented in a very comparable way.
Cellular, Wi-Fi, Bluetooth, GNSS NFC, UWB, etc. do get implemented on secondary processors running their own OS but on mainstream smartphones those are typically well isolated and don't have privileged access to other components. The cellular radio in an iPhone or Pixel is on a separate chip but that's a separate thing from it being isolated. Snapdragon devices with cellular implemented by the main SoC still have an isolated radio. Snapdragon implements multiple radios via isolated processes in a microkernel-based RTOS where the overall baseband is also isolated from the rest of the device. There are a lot of lower quality implementations than iPhones, Pixels and Snapdragon devices but the intention is still generally to have the radios isolated even if they don't do it as well as those.