North Korea for all of its virtues, is not a country that is known for a thriving software industry, but did you know that they have their own homegrown operating system? Well they do and it’s called Red Star OS. The Democratic People’s Republic of Korea (DPRK) first launched the OS, which is based on Red Hat Linux, in 2003 and version 3.0 was released sometime in the summer of 2013. Red Star OS Desktop 3.0 recently leaked out of the DPRK though and found its way onto, you guessed it, torrent sites.
After taking a look at the OS, a security researcher knowns as “Hacker Fantastic” has let us know about a security vulnerability in the Red Star OS, that gives full root (administrator) access to the system: “Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege escalation vulnerabilities due to insecure files permissions on configuration and script files executed with root privileges.”
It seems that the culprit in this case is some misconfigured permissions for a printer driver, a Hewlett-Packard LaserJet 1000 in this case. This driver can be executed and modified to execute arguments, ending up with commands running as with root privileges. For any other mainstream OS, this would be considered a critical vulnerability and would be patched as soon as possible.
Lets hope that the DPRK can issue a security update soon so that they can be protected against any intrusions, as we wouldn’t want Kim Jong-un’s private emails to leak, in a similar way to what happened in the Sony hack, or the whole countries internet to go down…
Discuss on our Facebook page, HERE.
KitGuru Says: Now that Red Star OS has leaked I would expect that there will be a lot of security researchers looking at the OS trying to find vulnerabilities, but most of these are probably already known by the NSA. Besides there is only one internet cafe in DPRK anyway and with no firm number on how many users Red Star OS has, we can assume any security issues such as this can be safely ignored, for everyone outside of North Korea at least.