New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
2023-02-01 10:46

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control.

Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.

A shim image can either be universal or specific to a Chromebook board.

SH1MMER takes advantage of a modified RMA shim image to create recovery media for the Chromebook and writes it to a USB stick.

A Chromebook can then be booted in developer mode with the drive image to invoke the recovery options.

The SH1MMER menu can be used to re-enroll the device, enable USB boot, open a bash shell, and even allow root-level access to the ChromeOS operating system.


News URL

https://thehackernews.com/2023/02/new-sh1mmer-exploit-for-chromebook.html