Red Star OS is an operating system used by the population in North Korea. According to two German researchers from the IT security company ERNW who analyzed it early this year, it is characterized by a high degree of paranoia and invasive surveilling on users.
Florian Grunow and Niklaus Schiess downloaded the software from a website outside North Korea and explored the code in detail.
These are their findings:
If you believe that the North Korean operating system is hacker proof you are wrong, in fact, it can be easily hacked remotely.
According to the experts at security firm Hacker House, the Red Star OS is affected by a critical vulnerability that could be exploited by remote hackers to access the PC. The attacker just needs to trick a victim into opening a link.
“Hacker House team have previously disclosed a number of local root vulnerabilities [3] & [4] in Red Star OS to show how insecure programming practices are in use by the RedStar OS developers. We are sharing another amusing example of this in the form of a remote client-side command injection vulnerability to mark RedStar’s anniversary leak.” reads a blog post published by the Hacker House.”This exploit is a client-side remote exploit which can be triggered from the Internet/Intranet and used to install malware or exploit computers running RedStar OS just by having a user click a hyperlink.”
The latest version of the Red Star OS ships with the web browser Naenara which is the landing point for a remote attacker that wants to take over the system.
The experts exploited a certain Red Star application, the ‘nnrurlshow’, that handles Uniform Request Identifiers (URI), in particular the “mailto” URI ordinarily used for email could be used to remotely “execute arbitrary commands.” The Naenara web browser doesn’t sanitize the command line when handling URI argument allowing attackers to remote execute arbitrary code.
“Whilst probing for vulnerabilities it was noticed that registered URL handlers were passed to a command line utility “/usr/bin/nnrurlshow”. This application (aside from having null ptr de-refs and other cute bugs) takes URI arguments for registered URI handlers when handling application requests such as “mailto” and “cal”. Naenara doesn’t sanitize the command line when handling these URI argument requests and as such you can trivially obtain code execution by passing malformed links to the nnrurlshow binary.” continues the analysis of the experts.
“An attacker can get a user of RedStar OS 3.0 to execute arbitrary commands by enticing them to click on a link which points to “mailto:`cmd`”. Commands will then be executed as arguments when passed to evolution mail. An example of exploitation can be seen in the image below with the output of the “id” command visibly shown in the evolution-based mail client output.”