This new Chromebook hack could let you sideload your work laptop

Chromebook
(Image credit: Future)

If you’re one of the more than 50 million Chromebook users in education (though Google’s figure is almost a year out of date), then you’ll be familiar with the restrictions imposed on your laptop to keep you within the realms of its intended use as a classroom tool.

Similar restrictions are also placed on company-provided business laptops to keep you from doing certain non-work-related tasks, leaving you with little choice but to invest in a secondary device to use as your own.

That is, until now. A new admin control exploit, called SH1MMER, uses legitimate tools approved by Google to break out of restricted mode. The hack, known in the industry as a shim, is ordinarily designed for laptop repairers to run diagnostics and fix devices.

<a href="https://project.tolunastart.com/tqsruntime/main?surveyData=Q0+ZHk1v+seerVJPB3MBeiu8DEMDIBDHisYB81cDeXB+Tl4/OZ5giQDtZEDgULgE" data-link-merchant="project.tolunastart.com"">TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=Q0+ZHk1v+seerVJPB3MBeiu8DEMDIBDHisYB81cDeXB+Tl4/OZ5giQDtZEDgULgE" data-link-merchant="project.tolunastart.com"" data-link-merchant="project.tolunastart.com"">our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Chromebook admin restrictions

A GitHub post explains how the shim works:

“RMA shims are a factory tool allowing certain authorization functions to be is signed, but only the KERNEL partitions are checked for signatures by the firmware. We can edit the other partitions to our will as long as we remove the forced readonly bit on them.”

Following a set of instructions posted on the SH1MMER website, which includes loading a USB with at least 8GB of storage with a shim image, users will be able to unenroll their Chromebook seeing it “behave entirely as if it is a personal computer and no longer contain spyware or blocker extensions.”

Google is reportedly aware of the exploit that was found by the 15 members of the so-called Mercury Workshop, which was released on January 13, however several reports claim that it is still unpatched, including an education forum.

The company says that Enterprise and Education administrators should continually monitor for inactive devices. They can also turn off enrollment permissions, block access to the Chromebook Recovery Utility extension, block access to chrome://net-export to prevent users from capturing wireless credentials, and block access to exploit-spreading website like sh1mmer.me, alicesworld.tech, luphoria.com, and bypassi.com.

Google told TechRadar Pro:

"We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it."

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!