
I'm not sure you can draw parallels here. Who are the people "handling it", Cellebrite, the police?

The vulnerability allows any device plugged in to the "kiosk" with a malicious file to do anything it wants to any existing report on the "kiosk" as well as plant code for future execution in order to do anything else it wants.

Let's assume the device which does this does so silently. At what point are the police or Cellebrite supposed to know nothing in the kiosk can be relied on, ever?

With a piece of paper on the other hand, the other sheets in the folder don't suddenly rot when you add a malicious sheet of paper, although this does sound like an interesting and potentially novel attack vector.



> The vulnerability allows any device plugged in to the "kiosk" with a malicious file to do anything it wants to any existing report on the "kiosk" as well as plant code for future execution in order to do anything else it wants.

It is not clear from the article that analyzing a phone with malicious files will trigger the issue, unbeknownst to the operator. (E.g. it says "it is possible to execute code that...", etc.) However, I'll take your word for it and assume it was poor reporting in this case.

That does change things, thanks for the clarification.


You're correct, the reporting is pretty poor. Moxie's own account of this on the Signal blog[1] is better.

[1] https://signal.org/blog/cellebrite-vulnerabilities/



