There are potentially millions of enterprise-managed Chromebooks in the wild, making them an attractive target for hackers. The recent discovery of the SH1MMER exploit is causing concern for many organizations that rely on Chromebooks for their day-to-day operations.
SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) is a potentially dangerous exploit capable of completely removing enterprise-managed Chromebooks from their respective organizations, but it is also useful for Chromebook owners who want to maintain their privacy. It was discovered by the Mercury Workshop team and released on Friday 13 January 2023 (Friday the 13th), but it has largely flown under the radar. We’re not sure whether the release date was a publicity stunt or just a coincidence.
The exploit leverages the ChromeOS shim kernel, specifically modified RMA factory shims, to achieve code execution upon recovery. RMA shims are factory tools that allow certain authorization functions to be signed, but the firmware only checks the KERNEL partitions for signatures. As a result, the other partitions can be modified as long as the forced read-only bit is removed. Simply put, the exploit provides root access to all file systems on a Chrome OS device.
To build an exploit from source, it is necessary to obtain the raw shims. There are several ways to obtain raw shims, including borrowing them from repair centers, obtaining a certified repair account, or finding them online. Finding the right shim is trivial if you check out chrome100.dev, where users can search for their Chromebook model and download it seamlessly. There’s no guarantee you’ll find your model there, but it does offer a pretty good inventory.
Prebuilt binaries for the exploit were originally available through the official mirror (dl.sh1mmer.me), but they were later removed due to copyright concerns, as well as harassment and toxicity from the ChromeOS community. The team behind SH1MMER has expressed its disappointment at the negative response and encouraged users to make use of the means that remain available, such as building from source.
In conclusion, the SH1MMER exploit is a significant threat to enterprise Chromebooks, but it can be a boon for hobbyists and Chromebook owners who want to get their hands dirty and truly own their devices.