If you’re one of the more than 50 million Chromebook users in education (though Google (opens in new tab)’s figure is almost a year out of date), then you’ll be familiar with the restrictions imposed on your laptop to keep you within the realms of its intended use as a classroom tool.
Similar restrictions are also placed on company-provided business laptops to keep you from doing certain non-work-related tasks, leaving you with little choice but to invest in a secondary device to use as your own.
That is, until now. A new admin control exploit, called SH1MMER, uses legitimate tools approved by Google to break out of restricted mode. The hack, known in the industry as a shim, is ordinarily designed for laptop repairers to run diagnostics and fix devices.
TechRadar Pro needs you! (opens in new tab)
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
Chromebook admin restrictions
A GitHub post (opens in new tab) explains how the shim works:
“RMA shims are a factory tool allowing certain authorization functions to be is signed, but only the KERNEL partitions are checked for signatures by the firmware. We can edit the other partitions to our will as long as we remove the forced readonly bit on them.”
Following a set of instructions posted on the SH1MMER website (opens in new tab), which includes loading a USB with at least 8GB of storage with a shim image, users will be able to unenroll their Chromebook seeing it “behave entirely as if it is a personal computer and no longer contain spyware or blocker extensions.”
Google is reportedly aware of the exploit that was found by the 15 members of the so-called Mercury Workshop, which was released on January 13, however several reports claim that it is still unpatched, including an education forum (opens in new tab).
The company says that Enterprise and Education administrators should continually monitor for inactive devices. They can also turn off enrollment permissions, block access to the Chromebook Recovery Utility extension, block access to chrome://net-export to prevent users from capturing wireless credentials, and block access to exploit-spreading website like sh1mmer.me, alicesworld.tech, luphoria.com, and bypassi.com.
Google told TechRadar Pro:
"We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it."
- Need new company hardware? Here are the best workstations and best mobile workstations