Notable excerpt from PDF:
> 8.3 Accessing a Root Shell via the Built-In Terminal App > > Issue: The ICX has a built-in Terminal Emulator app that is configured so that > the user can easily obtain a command-line shell with supervisory privileges. > > After escaping kiosk mode, an attacker can easily launch any app installed > on the ICX. The machine contains 20 pre-installed apps, most of which appear > unnecessary for its use as a BMD. Most notably, there is a Terminal Emulator > that provides access to a Linux shell, a powerful text-based user interface. > > Moreover, the ICX is configured such that the Terminal Emulator user can > easily obtain supervisory (“root”) access privileges by simply selecting > “Allow” > at an on-screen prompt, shown in Figure 11. With root privileges, terminal > commands can completely bypass the Android operating system’s access control > restrictions and make arbitrary changes to the device’s data and software. > > The Terminal Emulator made analysis of the device much more efficient, since > I was able to easily access, control, and modify any part of the data > or software. It also makes it easy for an attacker to install programs or run > automated > commands for malicious purposes.
