Come on Reg, stop being used like this
Are you trying to tell me that a security "researcher" has "discovered" a way to upload a custom firmware to a device if he has physical access to it for a few minutes?
ZOMG WTF STOP THE PRESSES! ?
Hey news flash people. Give me physical access to stuff in your building and I can reprogram your routers, reprogram ANY phone ("vulnerable" or not) and do it all just as fast, and just as easily, as this guy can - especially if I know in advance what gear I'll be fiddling with. Even better I can sprinkle listening devices and cameras like pixie dust throughout your offices etc etc ad infinitum.
Physical access trumps all. Calling this a security "vulnerability" is laughable and El Reg should be ashamed of itself for getting on board with this without due diligence.