advertisement
advertisement

Whoops: North Korea’s Totalitarian OS Has A Huge Security Flaw

A recently uncovered loophole lets anyone use the Red Star OS with ‘root’ level permissions.

Whoops: North Korea’s Totalitarian OS Has A Huge Security Flaw
[Photo: Flickr user (stephan)]

North Koreans are not supposed to have much control over their computers. But even for a totalitarian regime hell-bent on restricting the lives of its citizenry, security can be a bitch. Apparently, the country’s state-developed operating system has a security flaw that could give users much more control than they’re meant to have. Whoopsie!

advertisement
advertisement

Red Star 3.0, the latest version of North Korea’s government-issued operating system, reportedly has a loophole that lets users get “root” level access to the OS. In other words, a savvy enough person could achieve the highest possible level of administrative permissions and, in theory, make major, high-level changes to the system and how it works.

As Ars Technica explains:

… A mistake made in permissions settings on a key file that allows anyone with access to the system to run commands as root. “Red Star 3.0 desktop ships with a world-writeable udev rules ‘/etc/udev/rules.d/85-hplj10xx.rules’ which can be modified to include ‘RUN+=’ arguments executing commands as root by udev.d,” the researcher wrote.

… Because the permissions on that file are set as “world writable,” any user regardless of permission levels could make changes to the rules to activate it for any device and execute any command they wanted with system-level privileges.

In theory, this exploit could enable users to circumvent government restrictions and bypass the state surveillance that is widely presumed to be looming over citizens as they click away on computers running Red Star. It’s not clear how likely it is for either of these scenarios to play out, but the flaw certainly sets the stage.

This is precisely the sort of thing Red Star is designed to prevent. The operating system is built on a security-enhanced version of Red Hat Linux. As Fast Company‘s Michael Grothaus explained in a story last year, the OS “implements mandatory access controls that enable the government’s programmers to limit the modifications users could make to the system.”

The country infamously does not grant its citizens access to the World Wide Web (or the world) as we know it, but rather lets people surf a severely limited, state-controlled network of pages.

The mysterious, creepily propagandistic operating system was a total enigma until a few years ago when a Russian student uploaded a version of it to the web and it started making the rounds on torrent sites and the like.

advertisement

Aside from allowing foreigners to gawk at obviously Photoshopped, proudly militaristic desktop wallpapers, the widespread availability of Red Star allows security researchers to poke holes in the system and find flaws like this. But of course, the only North Koreans likely to even find out about it are the country’s leaders. The average citizen there can’t gain access to Ars Technica or Fast Company.

advertisement
advertisement

About the author

John Paul Titlow is a writer at Fast Company focused on music and technology, among other things. Find me here: Twitter: @johnpaul Instagram: @feralcatcolonist

More