Sure you get a device that you can flash/root/reinstall - but will it be authenticated/allow login by Google/Your company?
> Here our objective was not to break the crypto or recover the data, it was to remove any MDM application and remove all restrictions on the device.
Yes you can remove - resell device. But MDM is not designed to prevent reinstall/selling/whatever.
Beyond Corp principles:
A particular network connection must not determine which services a user can access.
Access to services is granted based on what we know about a user and the device.
All access to services must be authenticated, authorized and encrypted.
Are you able to authorise device with your company/google? We are listening...
Here the scope of the PT was something different than getting access to the filesystem or bypassing corp filters.
Breaking the mdm implemented in the firmware was the crude target.
Sure you get a device that you can flash/root/reinstall - but will it be authenticated/allow login by Google/Your company?
> Here our objective was not to break the crypto or recover the data, it was to remove any MDM application and remove all restrictions on the device.
Yes you can remove - resell device. But MDM is not designed to prevent reinstall/selling/whatever.
Beyond Corp principles:
A particular network connection must not determine which services a user can access. Access to services is granted based on what we know about a user and the device. All access to services must be authenticated, authorized and encrypted.
Are you able to authorise device with your company/google? We are listening...