Notable excerpt from PDF:
8.3 Accessing a Root Shell via the Built-In Terminal App
Issue: The ICX has a built-in Terminal Emulator app that is configured so that the user can easily obtain a command-line shell with supervisory privileges.
After escaping kiosk mode, an attacker can easily launch any app installed on the ICX. The machine contains 20 pre-installed apps, most of which appear unnecessary for its use as a BMD. Most notably, there is a Terminal Emulator that provides access to a Linux shell, a powerful text-based user interface.
Moreover, the ICX is configured such that the Terminal Emulator user can easily obtain supervisory (“root”) access privileges by simply selecting “Allow” at an on-screen prompt, shown in Figure 11. With root privileges, terminal commands can completely bypass the Android operating system’s access control restrictions and make arbitrary changes to the device’s data and software.
The Terminal Emulator made analysis of the device much more efficient, since I was able to easily access, control, and modify any part of the data or software. It also makes it easy for an attacker to install programs or run automated commands for malicious purposes.