Here the scope of the PT was something different than getting access to the filesystem or bypassing corp filters. Breaking the mdm implemented in the firmware was the crude target.