alt Hacker Newswell, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.
GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.
Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
> Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
I do run Qubes, and a compromised router, e.g., will not get access to any passwords that I store in an offline VM as text, even with any previously known vulnerability since 2006.