A new exploit called ‘Sh1mmer’ allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions.
When Chromebooks are enrolled with a school or an enterprise, they are managed by policies established by the organization’s administrators. This allows admins to force-install browser extensions and apps, and to restrict how a device can be used.
Furthermore, once enrolled, it is almost impossible to unenroll the device without the organization’s admin doing it for you.
To bypass these restrictions, security researchers from the Mercury Workshop Team have developed a new exploit called ‘Shady Hacking 1nstrument Makes Machine Enrollment Retreat’, or ‘Sh1mmer,’ that lets users unenroll their Chromebooks from enterprise management.
The exploit requires a publicly leaked RMA shim, which Sh1mmer modifies to allow users to manage the device’s enrollment. The researchers say that the following Chromebook boards are known to have publicly released RMA shims.