North Korea’s Native OS Is Not Safe, Hackers Say

What is red star OS?

Red Star is North Korea’s own operating system. Based on Linux, the development cycle began back in 1998 at the Korea Computer Center (KCC). Up until today, version 1.0 is still the most widely used in the country despite that version 3.0 has been released over three years ago. For a brief insight on how exclusive Red Star is, we’ll let you know that it only supports North Korean, with its own dedicated terminology and spelling. Not even English is available.

Red Star OS features a wide range of software such as a native text-editor, e-mail client, audio and video players and its own browser. With this being said, the latter is the main source of problems. Naenara (“my country” in Korean) is a browser based on Mozilla Firefox in which Hacker House discovered the important error that opens up the door for malicious individuals, just by clicking on a suspicious link.

My country, my bad

The problem found in Naenara is related to the way the browser deals with links. According to Hacker House “whilst probing for vulnerabilities it was noticed that registered URL handlers were passed to a command line utility “/usr/bin/nnrurlshow”. Furthermore “this application (…) takes URI arguments for registered URI handlers when handling application requests such as ‘mailto’ and ‘cal’. Naenara doesn’t sanitize the command line when handling these URI argument requests and as such you can trivially obtain code execution by passing malformed links to the nnrurlshow binary.”

To put it simply, an attacker can easily get access to a computer by making the victim click on a link which points to mailto:’cmd’. However, the good news for Koreans is that one must consider the country’s own intranet and how implausible it is for a foreign attacker to explore this browser vulnerability.