Select Page

A new exploit has been devised to “unenroll” enterprise- or school-managed Chromebooks from administrative control.

Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.

“Each enrolled device complies with the policies you set until you wipe or deprovision it,” Google states in its documentation.

That’s where the exploit – dubbed Shady Hacking 1nstrument Makes Machine Enrolment Retreat aka SH1MMER – comes in, allowing users to bypass these admin restrictions.

The method is also a reference to shim, a Return Merchandise Authorization (RMA) disk image used by service centre technicians to reinstall the operating system and run diagnosis and repair programs.

The Google-signed shim image is a “combination of existing Chrome OS factory bundle components” – namely a release image, a toolkit, and the firmware, among others – that can be flashed to a USB drive.

images from Hacker News