North Korea’s Red Star OS Reveals Poor Development Skills

North Korea has been in the news often since the Sony Hack. Their suspected role in the attack has attracted large amounts of attention from researchers and other malicious hackers. This included several Denial-of-Service attacks that brought down the entire country’s internet.

Recently the latest version of N. Korea’s own home-grown OS, known as Red Star OS, was leaked – and that had many people interested to play with it. It is a Linux distribution based off an old Red Hat version, with the desktop using KDE to simulate a Mac environment, though the previous version looked like Windows XP.

They also use their own internet browser (called Naenara) with some unique settings. It turns out that the entire North Korean internet is actually a giant intranet. They presumably use the private address space to aid in monitoring activities. They also seem to default to static IPs during installation, suggesting that even the home user must get the info from a government sysadmin. This maintains control for the government, and also seems to indicate that the government does not worry about citizens hacking each other. The OS also needs an activation key, at least for the server version. This may mean that they either have a problem with pirating, or feared it could be used outside of the country.

Besides all these fun features, Red Star OS is not without its flaws. The last major release (and still the most used one currently) has a hole in the rc.sysint file, which controls the programs that run at boot. This means malware (or government spyware) can be remotely added and ensured to run every time the computer turns on. There is another even more serious flaw in the latest version in an HP Printer InkJet device manager that allows the user to escalate to root. These are quite massive security holes from the OS, which among other less serious problems, point to poor development processes.

All this makes me wonder whether North Korea could have pulled off the Sony Hack, when they could not do their own Pen Test on their OS by their team of “world-class hackers”. Possibly they are just an easy scapegoat to increase viewership to make the best of a really bad situation.

Comment below to let me know what you think!’