Honestly, a phone manufactured in 2006 is probably vulnerable to a similar attack. The larger point is that state-sized threat actors (and the carriers they work with) have a crazy level of control that cannot be underestimated. Especially in 2022, it's hard to look at any sufficiently complex smartphone and assume it's not vulnerable to sufficiently motivated threat actors.