New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit has been devised to "Unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google states in its documentation. That's where the exploit - dubbed Shady Hacking 1nstrument Makes Machine Enrollment Retreat aka SH1MMER - comes in, allowing users to bypass these admin restrictions. The method is also a reference to shim, a Return Merchandise Authorization disk image used by service center technicians to reinstall the operating system and run diagnosis and repair programs. The Google-signed shim image is a "Combination of existing Chrome OS factory bundle components" - namely a release image, a toolkit, and the firmware, among others - that can be flashed to a USB drive. A Chromebook can then be booted in developer mode with the drive image to invoke the recovery options. A shim image can either be universal or specific to a Chromebook board. SH1MMER takes advantage of a modified RMA shim image to create a recovery media for the Chromebook and writes it to a USB stick. Doing so requires an online builder to download the patched version of the RMA shim with the exploit. The next step entails launching the recovery mode on the Chromebook and plugging the USB stick containing the image into the device to display an altered recovery menu that enables users to completely unenroll the machine. "It will now behave entirely as if it is a personal computer and no longer contain spyware or blocker extensions," the Mercury Workshop team, which came up with the exploit, said. "RMA shims are a factory tool allowing certain authorization functions to be signed, but only the KERNEL partitions are checked for signatures by the firmware," the team further elaborated. "We can edit the other partitions to our will as long as we remove the forced readonly bit on them." The SH1MMER menu can be used to re-enroll the device, enable USB boot, open a bash shell, and even allow root-level access to the ChromeOS operating system. The Hacker News has reached out to Google for comment, and we will update the story if we hear back.

This Cyber News was published on thehackernews.com. Publication date: Wed, 01 Feb 2023 13:58:03 +0000


Cyber News related to New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

New Sh1mmer ChromeBook exploit unenrolls managed devices - A new exploit called 'Sh1mmer' allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions. When Chromebooks are enrolled with a school or an enterprise, they are managed by ...
1 year ago Bleepingcomputer.com
Chromebook SH1MMER exploit promises admin jailbreak The Register - Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER. SH1MMER - you may pronounce the "1" as an "i" - is a shim exploit, or more specifically, ...
1 year ago Packetstormsecurity.com
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices - A new exploit has been devised to "Unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, ...
1 year ago Thehackernews.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
From Trend to Mainstay: The Unstoppable Force of Managed Services - There's no denying that IT managed services are being embraced across businesses of all sizes as a path to achieve business goals. As technologies becomes increasingly complex and the lines between siloed architectures become blurred, companies are ...
4 months ago Feedpress.me
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
10 months ago Feedpress.me
The Momentum, the Margin and the "Magic" with Cisco MSP Partners - The momentum of Cisco's Managed Service Provider partners is undeniable. A recent Canalys study¹ indicates that a striking 79% of partners anticipate growth in this sector in 2023, with 56% expecting growth rates to exceed 10%. By 2027, the managed ...
10 months ago Feedpress.me
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago
Why BYOD Is the Favored Ransomware Backdoor - These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from ...
8 months ago Esecurityplanet.com
Managed Ransomware Detect & Respond Offering From Zyston - PRESS RELEASE. DALLAS, Jan. 24, 2024 /PRNewswire-PRWeb/ - Zyston, a leading Managed Security Services Provider based in Dallas, Texas, is excited to introduce Managed Ransomware Detect and Respond, a co-managed solution designed to mitigate risk and ...
8 months ago Darkreading.com
Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks - PRESS RELEASE. NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ -Claroty, the cyber-physical systems protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical ...
6 months ago Darkreading.com
Benefits and challenges of managed cloud security services - Too many organizations lack the in-house cloud security expertise and resources needed to protect cloud assets effectively. One option to address these challenges is managed cloud security. Outsourcing cloud security to a third party not only helps ...
7 months ago Techtarget.com
Coming Soon to a Network Near You: More Shadow IoT - News of former Microsoft head of product Panos Panay's exit caused a small stir in the tech industry when it was learned he would join Amazon to lead that company's product division. Precisely what Amazon and Panay have in mind for that ecosystem has ...
9 months ago Securityweek.com
Cyber security isn't simple, but it could be The Register - Sponsored Feature Most experts agree cybersecurity is now so complex that managing it has become a security problem in itself. Hackers targeted weaknesses in isolated systems such as email, office applications or Windows PCs and so it made perfect ...
9 months ago Go.theregister.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
8 months ago Securityzap.com
CVE-2022-22774 - The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer ...
2 years ago
Grow and Differentiate Your Business with Expanded Managed Security Solutions - Security continues to be top-of-mind for today's global enterprises, confirmed in both the 2022 Global Hybrid Cloud Trends Report and the 2023 Global Networking Trends Report from Cisco. Our Global Networking Trends Report also found that when ...
8 months ago Feedpress.me
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
10 months ago Cnn.com
IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
7 months ago Securityzap.com
CVE-2017-12308 - A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The ...
4 years ago
CVE-2017-12307 - A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. ...
4 years ago
The key to connected care excellence - Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the ...
9 months ago Blog.checkpoint.com
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
9 months ago Feeds.dzone.com
Top 6 Managed Detection & Response Providers in 2024 - The best MDR solutions in the industry typically offer features like threat hunting, alert management, and digital forensics. To help you select the best MDR for your organization, we've analyzed solutions from leading providers and narrowed the list ...
4 months ago Esecurityplanet.com
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
10 months ago Packetstormsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)