Google Working on Fix For SH1MMER Exploit That Can Unenroll Chromebooks (scmagazine.com) 18
Neowin reports on "a potentially dangerous exploit capable of completely unenrolling enterprise-managed Chromebooks from their respective organizations" called SH1MMER.
The Register explains where the name came from — and how it works: A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs. With a shim that has been processed and patched, managed Chromebooks can be booted from a suitably prepared recovery drive in a way that allows the device setup to be altered via the SH1MMER recovery screen menu....
In a statement provided to The Register, a Google spokesperson said, "We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it."
"Google added that it will keep the community closely updated when it ships out a fix," reports SC Magazine, "but did not specify a timetable." "What we're talking about here is jailbreaking a device," said Mike Hamilton, founder and chief information security office of Critical Insight, and a former CISO for the city of Seattle who consults with many school districts. "For school districts, they probably have to be concerned about a tech-savvy student looking to exercise their skills...."
Hamilton said Google will need to modify the firmware on the Chromebooks. He said they have to get the firmware to check for cryptographic signatures on the rest of the authorization functions, not just the kernel functions — "because that's where the crack is created to exploit it. I think Google will fix this quickly and schools need to develop a policy on jailbreaking your Chromebook device and some kind of penalty for that to make it real," said Hamilton. "Schools also have to make sure they can detect when a device goes out of policy. The danger here is if a student does this and there's no endpoint security and the school doesn't detect it and lock out the student, then some kind of malware could be introduced. I'm not going to call this a 'nothingburger,' but I'd be very surprised if it showed up at any scale."
Thanks to Slashdot reader segaboy81 for submitting the story.
The Register explains where the name came from — and how it works: A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs. With a shim that has been processed and patched, managed Chromebooks can be booted from a suitably prepared recovery drive in a way that allows the device setup to be altered via the SH1MMER recovery screen menu....
In a statement provided to The Register, a Google spokesperson said, "We are aware of the issue affecting a number of ChromeOS device RMA shims and are working with our hardware partners to address it."
"Google added that it will keep the community closely updated when it ships out a fix," reports SC Magazine, "but did not specify a timetable." "What we're talking about here is jailbreaking a device," said Mike Hamilton, founder and chief information security office of Critical Insight, and a former CISO for the city of Seattle who consults with many school districts. "For school districts, they probably have to be concerned about a tech-savvy student looking to exercise their skills...."
Hamilton said Google will need to modify the firmware on the Chromebooks. He said they have to get the firmware to check for cryptographic signatures on the rest of the authorization functions, not just the kernel functions — "because that's where the crack is created to exploit it. I think Google will fix this quickly and schools need to develop a policy on jailbreaking your Chromebook device and some kind of penalty for that to make it real," said Hamilton. "Schools also have to make sure they can detect when a device goes out of policy. The danger here is if a student does this and there's no endpoint security and the school doesn't detect it and lock out the student, then some kind of malware could be introduced. I'm not going to call this a 'nothingburger,' but I'd be very surprised if it showed up at any scale."
Thanks to Slashdot reader segaboy81 for submitting the story.
So it's a way... (Score:5, Funny)
... to break the unit free? Sounds like Chromebooks actually want to be computers...
Re: (Score:2)
Only needed for the ones enrolled in MDM i.e. fuckloads of schools.
Re: (Score:2)
> Only needed for the ones enrolled in MDM i.e. fuckloads of schools.
Oh, cool - I bought two ex-school devices from a recycler and they're useless.
Re: (Score:2)
Well, there you go, just use the sh1mmer exploit, duh! /s
Re: (Score:1)
... to break the unit free? Sounds like Chromebooks actually want to be computers...
The typical Chromebooks which are issued by schools are of such low hardware specifications that it really doesn't make much sense to "jailbreak" them. As the TFS states, people who futz around with these things are typically doing so to see if they can, not because they actually have any need for a low-end laptop.
If you truly just want a terrible laptop, Best Buy has this one for $110 [bestbuy.com]. No need to risk getting in trouble with your school or employer by hacking your Chromebook.
Re: (Score:3)
that it really doesn't make much sense to "jailbreak" them.
Except if they're kids and want to run Apps on their Chromebook that are not approved by the school, or in order to circumvent filtered content categories such as websites about video games, etc. They (1) may not have their own money to buy their own crappy laptop, OR (2) They might only be allowed to bring their school-issued Chromebook into certain settings - for example, the Wireless password is not available... only their school-issued d
Re: (Score:2)
Re: (Score:2)
> If you truly just want a terrible laptop, Best Buy has this one for $110 [bestbuy.com]. No need to risk getting in trouble with your school or employer by hacking your Chromebook.
Or you can buy five Chromebooks from a recycler for the same money and five kids can get a real laptop running a basic linux.
Less e-waste, more learning.
Re: (Score:1)
Or you can buy five Chromebooks from a recycler for the same money and five kids can get a real laptop running a basic linux.
Chromebooks purchased from a legitimate recycler should already be properly de-enrolled. I agree that it sucks that sometimes schools and businesses get lazy when donating old equipment and don't always bother with properly resetting the machines, but this is something both Google and Apple need to fix (and perhaps the government needs to step in with a regulation to reduce the amount of locked machines that become e-waste). Licensed recyclers should be able to override device enrollment/cloud locks when
Re: (Score:2)
Linux on a chromebook is still pretty buggy. Yes it ran but had problems coming out of power save. Sometimes it would wake up and sometimes the screen was black and needed a hard power reset. Sleep mode would also drain the battery much faster than chrome os. Sound was also buggy and needed some patches and kernel tweaks. This wasn’t even a new chromebook but one that was 4 years old. Not worth it at all.
Dilbert (Score:2)
AI Org Chart [dilbert.com] [2023-02-02]:
Dilbert:
You left your proposed reorg chart in the printer.
All of the boxes below you are labeled "A.I." or "Robot."
Something is conspicuously missing.
PHB:
Nepotism?
Re: (Score:2)
It's like a casino (Score:2)
Re: (Score:2)
They do not own the device, it's owned by their school/workplace/whatever.
The school/workplace dictates what they are allowed to do with it.
There may be no crime as such, but certainly the school/workplace could claim the device has been vandalized/damaged and the user should pay for the school/workplace to RMA for repairs or purchase a replacement.
Local Access (Score:2)
My Cr-48 has a developer mode and as a RW firmware mode you can enable by opening the case and flipping a switch or ungrounding a contact respectively. So I have installed Ubuntu on it (oddly enough Chrome OS Flex does not boot, despite claiming hardware from as far back as 2010 should be OK). But I understand many retail models omit these features so that limits what you can do even if you open the case. So at that point it starts to become a Ship of Theseus problem as you have to replace internal componen