If you’re one of the more than 50 million people who use Chromebooks for school (this number is about a year out of date), you’re probably used to the limitations placed on your device to protect you from straying too far from its intended purpose as a learning tool.
Company-issued business laptops are similarly restricted to prevent you from doing specific non-work-related activities, forcing you to purchase a separate computer to use as your own.
Until now, that is. SH1MMER is a new admin control attack that can bypass Google’s security measures by exploiting vulnerabilities in officially supported products. The shim it relies on is a tool often used by laptop repair technicians to perform diagnostics and repairs.
Admin restrictions on Chromebooks
How the shim works is detailed in a post on GitHub:
Only the KERNEL partitions are verified for signatures by the firmware; however, RMA shims are a manufacturing tool that enables signing of specific permission functions. If we disable the read-only flag on the other partitions, we’ll have free rein to make whatever changes we choose.
Unenrolled Chromebooks “behave totally as if it is a personal computer and no longer include malware or blocker extensions” when users follow the steps outlined on the SH1MMER website, which involve loading a shim image onto a USB drive with at least 8GB of storage.
Multiple sources, including an educational forum, indicate that Google is aware of the vulnerability discovered by the so-called Mercury Workshop and disclosed on January 13.
According to the corporation, IT departments in both schools and businesses need to keep an eye out for idle computers. Blocking websites that disseminate exploits, such as sh1mmer.me, alicesworld.tech, luphoria.com, and bypassi.com, is also possible, as is disabling enrollment rights and access to the Chromebook Recovery Utility extension.
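One way an IT team could act on the two monitoring steps above, as an added example that is not from Google or the SH1MMER project: match DNS queries against the listed domains and flag enrolled devices that have stopped syncing. The log line layout, the inventory format, the 14-day threshold, and reading "idle" as "no recent sync" are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Domains the article names as distributing the exploit.
BLOCKED = {"sh1mmer.me", "alicesworld.tech", "luphoria.com", "bypassi.com"}

def is_blocked(host):
    """True for a listed domain or any subdomain of it, not for look-alike suffixes."""
    labels = host.strip().lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))

def flag_dns_hits(log_lines):
    """Return (timestamp, client, qname) for each query to a listed domain."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2]):
            hits.append(tuple(parts))
    return hits

def inactive_devices(inventory, now, max_idle_days=14):
    """Return serials whose last sync predates the cutoff (threshold is an assumption)."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(serial for serial, seen in inventory.items()
                  if datetime.fromisoformat(seen) < cutoff)

# Constructed sample data: "timestamp client qname" lines and serial -> last sync.
SAMPLE_DNS = [
    "2023-02-01T09:14:02Z 10.20.3.41 sh1mmer.me.",
    "2023-02-01T09:14:09Z 10.20.3.41 dl.SH1MMER.me",
    "2023-02-01T09:15:30Z 10.20.7.12 notbypassi.com",
    "2023-02-01T09:16:11Z 10.20.7.12 classroom.google.com",
]
SAMPLE_INVENTORY = {
    "SERIAL-A": "2023-01-30T08:00:00+00:00",
    "SERIAL-B": "2022-12-20T08:00:00+00:00",
}
SAMPLE_NOW = datetime(2023, 2, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for hit in flag_dns_hits(SAMPLE_DNS):
        print("blocked-domain query:", hit)
    print("inactive devices:", inactive_devices(SAMPLE_INVENTORY, SAMPLE_NOW))
```

Matching on whole DNS labels keeps a look-alike such as notbypassi.com from triggering a false positive while still catching subdomains and trailing-dot forms.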