Chromebook SH1MMER exploit promises admin jailbreak

2023-01-30 22:45

Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER. SH1MMER - you may pronounce the "1" as an "i" - is a shim exploit, or more specifically, a weaponized Return Merchandise Authorization shim.

A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs.

With a shim that has been processed and patched, managed Chromebooks can be booted from a suitably prepared recovery drive in a way that allows the device setup to be altered via the SH1MMER recovery screen menu.

SH1MMER can be applied regardless using the Chromebook Recovery Utility extension, a browser extension for creating recovery media.

Doing so requires obtaining and patching a board-specific RMA shim that's been leaked online or obtained through hacking and then patching using the exploit builder.

A company statement published online advises customers to take steps to watch for devices that have not synced recently, to disable enrollment permission for most users, to block downloads of the Chrome Recovery Utility extension, to block access to chrome://net-export in order to prevent the capture of wireless credentials, and to block access to websites distributing exploit tools like sh1mmer.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/30/chromebook_exploit_sh1mmer/

#chromebook #exploit #jailbreak