A new exploit has been devised to “unenroll” corporate or school-managed Chromebooks from administrative control.
When you enroll ChromeOS devices, device policies set by your organization are Google Admin Consoleincluding features available to users.
“Each enrolled device complies with the policies you set until you wipe or deprovision it,” Google said. State in that document.
There exploit – Called Shady Hacking 1nstrument, also called Machine Enrollment Retreat SH1MMER – Allow users to bypass these administrative restrictions.
This method is also a reference to shim, a return material authorization (RMA) disk image used by service center technicians to reinstall the operating system and run diagnostics and repair programs.
Signed by Google sim picture “A combination of existing Chrome OS” factory bundle Components” – specifically release images, toolkits, and firmware – can be flashed to a USB drive.
You can then use the drive image to boot your Chromebook into developer mode and invoke recovery options. A shim image can be either universal or unique. Chromebook board.
SH1MMER creates Chromebook recovery media using a modified RMA shim image and writes it to a USB stick. for that purpose, online builder To download a patched version of RMA Shim with an exploit.
The next step is to boot the Chromebook into recovery mode and connect the USB stick containing the image to the device to display the modified recovery menu and allow the user to fully unenroll the machine.
According to the Mercury Workshop team, which devised the exploit, “It now behaves completely like a personal computer, with no spyware or blocker extensions.”
“The RMA shim is a factory tool that can sign certain authentication functions, but only the kernel partition is checked for signatures by the firmware,” the team further states. Elaborate“You are free to edit other partitions as long as you remove the force read-only bit.”
Additionally, using the SH1MMER menu, Re-enroll your deviceenables USB boot, opens a bash shell, and allows root-level access to the ChromeOS operating system.
Hacker News has reached out to Google for comment and will update the article when we hear back.