My new article - Georgia hasn't, and can't, certify crucial vote software update
Undescribed Horrific Abuse, One Victim & Survivor of Many
gmkarl at gmail.com
Mon Jul 10 06:21:51 PDT 2023
Notable excerpt from PDF:
> 8.3 Accessing a Root Shell via the Built-In Terminal App
>
> Issue: The ICX has a built-in Terminal Emulator app that is configured so that
> the user can easily obtain a command-line shell with supervisory privileges.
>
> After escaping kiosk mode, an attacker can easily launch any app installed
> on the ICX. The machine contains 20 pre-installed apps, most of which appear
> unnecessary for its use as a BMD. Most notably, there is a Terminal Emulator
> that provides access to a Linux shell, a powerful text-based user interface.
>
> Moreover, the ICX is configured such that the Terminal Emulator user can
> easily obtain supervisory (“root”) access privileges by simply selecting “Allow”
> at an on-screen prompt, shown in Figure 11. With root privileges, terminal
> commands can completely bypass the Android operating system’s access control
> restrictions and make arbitrary changes to the device’s data and software.
>
> The Terminal Emulator made analysis of the device much more efficient, since
> I was able to easily access, control, and modify any part of the data
> or software. It also makes it easy for an attacker to install programs or run automated
> commands for malicious purposes.
More information about the cypherpunks
mailing list