Disclaimer: We sustain our work & review products through paid collaborations.
North Korea’s Native OS Is Not Safe, Hackers Say

North Korea’s Native OS Is Not Safe, Hackers Say


We all know how North Korea is such a closed country. In fact, this is one of the places where government surveillance and internet censorship is the highest in the world. Besides only granting internet access in a handful of specific places like universities, North Korea has gone even further and designed their own intranet and operating system. The latter, called Red Star, is one of Kim Jong Un regime’s crowning achievements and was believed to be one of the safest operating systems in the world too. However, what was initially designed to protect the information of North Korea citizens, quickly turned out to be vulnerable and easily breakable, according to security experts.

What is red star OS?

Red Star is North Korea’s own operating system. Based on Linux, the development cycle began back in 1998 at the Korea Computer Center (KCC). Up until today, version 1.0 is still the most widely used in the country despite that version 3.0 has been released over three years ago. For a brief insight on how exclusive Red Star is, we’ll let you know that it only supports North Korean, with its own dedicated terminology and spelling. Not even English is available.

Red Star OS features a wide range of software such as a native text-editor, e-mail client, audio and video players and its own browser. With this being said, the latter is the main source of problems. Naenara (“my country” in Korean) is a browser based on Mozilla Firefox in which Hacker House discovered the important error that opens up the door for malicious individuals, just by clicking on a suspicious link.

My country, my bad

The problem found in Naenara is related to the way the browser deals with links. According to Hacker House “whilst probing for vulnerabilities it was noticed that registered URL handlers were passed to a command line utility “/usr/bin/nnrurlshow”. Furthermore “this application (…) takes URI arguments for registered URI handlers when handling application requests such as ‘mailto’ and ‘cal’. Naenara doesn’t sanitize the command line when handling these URI argument requests and as such you can trivially obtain code execution by passing malformed links to the nnrurlshow binary.”

To put it simply, an attacker can easily get access to a computer by making the victim click on a link which points to mailto:’cmd’. However, the good news for Koreans is that one must consider the country’s own intranet and how implausible it is for a foreign attacker to explore this browser vulnerability.


Best VPN services of 2025

Editor's choice

NordVPN

Editor's rating:
Easy to use on any device
Extra privacy and file sharing
Comprehensive online protection
Fast and reliable connections
Security

Surfshark

Editor's rating:
Easy to use everywhere
Enhanced online privacy
Fast and secure connections
Protect unlimited devices
Multi-device users

IPVanish

Editor's rating:
Protect all your devices
Ensures user privacy
Help anytime you need it
Strong online protection
Gaming

ExpressVPN

Editor's rating:
Works on all major platforms
Fast, smooth browsing
Easy for anyone to use
Added features for flexibility
Traveling

CyberGhost VPN

Editor's rating:
Enhanced privacy and security
Fair prices
Flexible IP address options
Protects all your devices
Streaming

ZoogVPN

Editor's rating:
Affordable VPN solution
Fast and stable connections
Straightforward platform
Protects your online privacy
Torrenting

Private Internet Access

Editor's rating:
Multiple device compatibility
Keeps your IP address private
Suitable for all users
Tailor settings to your needs
Beginners

TunnelBear

Editor's rating:
Intuitive and easy to use
Extra privacy and security
Blocks trackers and ads
Smooth, fast browsing

Discussions

Share your thoughts, ask questions, and connect with other users. Your feedback helps our community make better decisions.

©2012-2025 Best Reviews, a clovio brand – All rights reserved