Chromebook SH1MMER exploit promises admin jailbreak The Register

Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER. SH1MMER - you may pronounce the "1" as an "i" - is a shim exploit, or more specifically, a weaponized Return Merchandise Authorization shim. A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs. With a shim that has been processed and patched, managed Chromebooks can be booted from a suitably prepared recovery drive in a way that allows the device setup to be altered via the SH1MMER recovery screen menu. "You will now be able to, among other things, unenroll your Chromebook," the Mercury Workshop explains on its exploit website. "It will now behave entirely as if it is a personal computer and no longer contain spyware or blocker extensions. After you do this and get past the 'determining device configuration' screen, you will be able to actually turn dev mode on." An RMA shim incorporates the Chrome OS factory bundle components, with the factory install shim, a release image, a test image, a factory toolkit, a HWID bundle, and possibly other elements. Building a universal RMA shim involves using Google's image tool to download the factory software bundle, modify it with the necessary components, and create a binary that then gets flashed to a USB drive. A Chromebook in developer mode can then be rebooted from that drive image and evaluated for potential repairs. Those using managed Chromebooks - 50 million teachers and students, by Google's count - don't normally have developer mode enabled. SH1MMER can be applied regardless using the Chromebook Recovery Utility extension, a browser extension for creating recovery media. Doing so requires obtaining and patching a board-specific RMA shim that's been leaked online or obtained through hacking and then patching using the exploit builder. The tool works because, as one of the hackers involved explains, only kernel partitions are checked for signatures by ChromeOS firmware. Other partitions can be edited after the forced readonly bit is removed. In a statement provided to The Register, a Google spokesperson said, "We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it." Tablet, Chromebook shipments come crashing down Why I love my Chromebook: Reason 1, it's a Linux desktop Chromebooks are here to stay thanks to COVID, even though shipments crashed: IDC Google's ChromeOS Flex turned my old MacBook into new frustrations. The Mercury Workshop, 15 geeks credited with developing the project, warns that some pre-patched binaries found online may brick Chromebooks when applied. They advise patching a known valid shim rather than just trusting files found online. The hardware liberators suggest adding a personal account first on an unenrolled device and then adding a school account to enable switching back and forth to an uncontrolled environment. They also state that they do not endorse SH1MMER or device unenrollment as a means to cheat at school. In a discussion on Hacker News, IT types who developed their skills by breaking the less sophisticated systems of yore expressed sympathy for students trying to escape administrative control.

This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 01 Feb 2023 19:26:55 +0000


Cyber News related to Chromebook SH1MMER exploit promises admin jailbreak The Register

New Sh1mmer ChromeBook exploit unenrolls managed devices - A new exploit called 'Sh1mmer' allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions. When Chromebooks are enrolled with a school or an enterprise, they are managed by ...
1 year ago Bleepingcomputer.com
Chromebook SH1MMER exploit promises admin jailbreak The Register - Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER. SH1MMER - you may pronounce the "1" as an "i" - is a shim exploit, or more specifically, ...
1 year ago Packetstormsecurity.com
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices - A new exploit has been devised to "Unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, ...
1 year ago Thehackernews.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country's DNS Hijacked - Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. Guilty pleas and convictions of ...
1 year ago Securityweek.com
Researchers Show How to Use One LLM to Jailbreak Another - The exploding use of large language models in industry and across organizations has sparked a flurry of research activity focused on testing the susceptibility of LLMs to generate harmful and biased content when prompted in specific ways. The latest ...
1 year ago Darkreading.com
The age of weaponized LLMs is here - It's exactly what one researcher, Julian Hazell, was able to simulate, adding to a collection of studies that, altogether, signify a seismic shift in cyber threats: the era of weaponized LLMs is here. The research all adds up to one thing: LLMs are ...
1 year ago Venturebeat.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
Operation Triangulation: The last mystery - After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants to the device including running spyware, but the attackers chose to: launch the IMAgent process and inject a payload that clears the exploitation artefacts from ...
11 months ago Securelist.com
CVE-2023-52598 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Scam or not? BitDefender's Scamio AI promises to have the answer - Scamio is a new AI tool that promises to help Internet users combat scams. Especially users who are not tech-savvy may have difficulties distinguishing legitimate offers and messages from scams. ADVERTISEMENT. BitDefender is known for its security ...
1 year ago Ghacks.net
Attackers Can Gain Control of Users' Queries and LLM Data Output - Gemini is Google's newest family of Large Language Models. The Gemini suite currently houses 3 different model sizes: Nano, Pro, and Ultra. Although Gemini has been removed from service due to politically biased content, findings from HiddenLayer ...
9 months ago Packetstormsecurity.com
CVE-2011-4543 - Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) ...
6 years ago
CVE-2023-52597 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
New Relic warns customers it's experienced a cyber incident The Register - Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something. "We value our New Relic community and want to make our customers aware of a recent cyber security incident ...
1 year ago Theregister.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
9 months ago Cisa.gov
CVE-2024-26820 - In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register ...
8 months ago Tenable.com
CVE-2024-38613 - In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on ...
6 months ago Tenable.com
CVE-2006-4874 - Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) ...
6 years ago
CVE-2014-7957 - Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the ...
6 years ago
CVE-2017-16040 - gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)