iPhone vulnerabilities are a dime a dozen. Even if it’s not breakable now, all an attacker has to do is wait for the next 0-day and they’re in all your accounts, bank, etc. If my iPhone was stolen I’d be changing passwords and 2FA on everything ASAP. The value is your data, not the phone itself.
Can you expand on what you mean here? I'm not entirely convinced you understand the security situation (nor what "0-day" means in this context) but I'm willing to accept I'm the one being naive here.
Say they have an old powered-down iPhone with an alphanumeric PW (or a temporarily powered-on locked iPhone). What's the realistic risk for a run-of-the-mill burglary? You think they can bypass the PW prompts, exploit an up-to-date OS, and decrypt the HD with a vulnerability available to the general public? And local data on my old phone, i.e., some photos and some old iMessages on my device, are a serious personal/financial risk?
I already changed the (tiny) set of relevant passwords not-2FAd immediately and everything else relevant is 2FA'd. My SIM card was delisted immediately by my telecom after I found out and the phone theft was reported to a national hotline/database, so not sure why I need to "change" my (phone number-only) 2FAs...
I mean, you're kind of setting the parameters with hindsight here. On paper alphanumeric was always known to be more secure. But there was a very long time where there was no way that your run-of-the-mill thief was going to get the equivalent of a GrayKey and break into your PIN-protected, activation-locked iPhone 7 by hopping on AliExpress...
I agree a run-of-the-mill burglar wouldn't have the foresight to sit on your phone for years and years, since the value of breaking in probably diminishes almost immediately as you get a new phone, Wallet deactivates, etc., but it's not a reach to imagine that in a few years we'll see the equivalent of the current Cellebrite tech become widely available.
If you're the kind of person to bet that a company that already got hacked for most of their data once... already has their hardware leaked on eBay because they partner with notoriously unreliable government partners... and relies on open vulnerabilities won't have their tech reverse engineered any time soon? You should save that $100 for a rainy day.
Will their tech leak? Sure, that’s possible. Will equivalent tech for a future device a few years from now exist and be freely available? Not as given as you seem to believe.
Even if they are, they rarely bypass an already locked device. Unless they are paying big money for the latest Cellebrite. Which I'm not sure is even available commercially like that.