The article quotes the part of the Signal blog that said “a real exploit payload would likely seek to undetectably alter previous reports, compromise the integrity of future reports (perhaps at random!), or exfiltrate data from the Cellebrite machine.” A complex exploit like that would say much more about the author’s intent than a driver that shuts down the computer when a “wiggler” is detected.