A new exploit called ‘Sh1mmer’ can be used to “unenroll” enterprise-managed Chromebooks, allowing users to install apps and bypass device restrictions.
What is the SH1MMER Exploit?
SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) is a potentially dangerous exploit capable of completely unenrolling enterprise-managed Chromebooks from their respective organizations. It is also useful for Chromebook owners who want to use the operating system while still maintaining their privacy.
The exploit takes advantage of the ChromeOS shim kernel, specifically modified RMA factory shims, to gain code execution during recovery. Users create their own sh1mmer binary using the web builder. After that, the user can create the Chromebook recovery media on a USB drive.
Once that is done, rebooting the Chromebook into recovery mode from this USB drive takes the user to the SH1MMER menu.
On top of allowing a user to unenroll their device, this exploit also comes equipped with the following features:
- Device re-enrollment
- USB Boot Enablement
- Google binary block flag wiping
- rootFS verification disablement
- block_devmode disablement
- Bash terminal
Finally, the SH1MMER menu can be used to re-enroll the device, enable USB boot, or open a bash shell.
The exploit is a significant threat to enterprise-managed Chromebooks, but it can be a boon for hobbyists and Chromebook owners who want to get their hands dirty and truly own their devices.