Meet SH1mmer, the big bad Chromebook exploit no one is talking about

  • Published
  • Posted in Tech News
  • 2 mins read

Header image for news story about Sh1mmer

There are presumably tens of millions of enterprise-managed Chromebooks in the wild, and that makes them an attractive target for hackers. The recent discovery of the SH1MMER exploit is causing concern for many organizations that rely on Chromebooks for their daily operations.

SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) is a potentially dangerous exploit capable of completely unenrolling enterprise-managed Chromebooks from their respective organizations, but useful for Chromebook owners who want to use the operating system while still maintaining their privacy. It was discovered by the Mercury Workshop team and was released on Friday, January 13th, 2023 (Friday the 13th but has mostly flown under the radar). We’re unsure if the release date is a publicity stunt is merely a coincidence.

The exploit takes advantage of the ChromeOS shim kernel, specifically modified RMA factory shims, to gain code execution at recovery. RMA shims are factory tools that allow certain authorization functions to be signed, but only the KERNEL partitions are checked for signatures by the firmware. As a result, the other partitions can be edited as long as the forced read-only bit is removed. In simple terms, the exploit grants root access to all the filesystems on the Chrome OS device.

To build the exploit from source, a raw shim must be obtained. There are several ways to obtain a raw shim, including borrowing them from repair centers, acquiring a certified repair account, or finding them online. Finding the right shim is trivial if you check out chrome100.dev, where users can search for their Chromebook’s model and download it without any roadblocks. It’s not guaranteed you’ll find your model there, but it offers a pretty good inventory.

The pre-built binaries for the exploit were originally available through the official mirror (dl.sh1mmer.me), but were later taken down due to copyright concerns and due to harassment and toxicity from the ChromeOS community. The team behind SH1MMER has expressed their frustration with the negative response and has encouraged users to build the exploit from source.

In conclusion, the SH1MMER exploit is a significant threat to enterprise-managed Chromebooks but can be a boon for hobbyists and Chromebook owners who want to get their hands dirty and truly own their devices.

Source: https://sh1mmer.me/

News Article Courtesy Of Dean Howell »