
HSIC (and USB in general) is a very complicated stack. Host-controlled DMA is probably in use, which is fragile at best. Historically, evil has definitely been possible with USB, and we all know how good phones are about getting updates.



Wait, so you were talking about the baseband chips?

Both Google and Apple design against the baseband chips as adversarial components. Before we play the "but HSIC is complicated and there's DMA in it", we're talking about security teams that have designed and implemented encrypted memory busses; I think they can handle bog-standard interconnects. I can't speak to random Xiaomi phones, but the baseband security risk story on modern flagship phones is pretty much a myth.

"Phones are insecure because baseband DMA" is a pretty reliable way to spot people who, for lack of any better way to put it, tend to get their security news from Boing Boing.

I've done some platform work on phones, but I'm not close to a leading expert on this stuff (I'm an old-school bug hunter with a focus on crypto bugs, which drags me into some odd corners sometimes). I try hard not to assume that my exposure to this stuff means I know more than other people, not least because that habit has gotten me pantsed in debates with people who know a lot more than me. Modern phones are super complicated and I do not have their block diagrams available to recall from memory. Maybe there is some component that can DMA over arbitrary AP memory that I just wasn't aware of. Are you aware of one? Have you worked on these systems?


I trust Google, but I don't trust vendors. I expect vendors to make compromises left and right to deal with shitty hardware (oh, the radio doesn't work with this security feature enabled? Meh, we don't need it).

However, I'll admit that you seem more knowledgeable than me on the subject, so I won't spout FUD if you say so.


This is a valid concern for off-brand Android phones. Google's Android security team is on top of this stuff with their hardware vendors. Nobody in the industry does hardware security better right now than Apple. In neither case is the Boing Boing narrative of "bug on the baseband means you own the whole phone" true. I'm sure there's an Android phone on the market where it is true, but there are a lot of crappy Android phones.

For those of you playing along at home, it's this "there are a lot of crappy Android phones" thing that dominates our concerns about Android, and is the reason we recommend to laypeople (lawyers, reporters, NGOs) to get iPhones and avoid Android phones.


I'm not sure if "Evil/BadUSB"-style vulnerabilities really apply to HSIC, where the code would know what kind of device to expect. It's possible there are ways to make this work - I'm not aware of any past vulnerabilities of this nature, but I'm not familiar enough with this topic to really make an educated guess. Either way, it doesn't seem like a matter of "just find a zero-day in the baseband and you get DMA", it's more along the lines of a vulnerability in, say, Safari, which then needs all kinds of sandbox escapes and privilege escalations to be useful for an attacker, and it still does nothing to get past Secure Enclave (and possibly Android's variant of that).



