A fatal security hole is found in North Star's proprietary Mac OS X style OS "Red Star"

North KoreasmartphoneYaTabletWe develop our own, and sell it in Japan. In North Korea, not only hardware but also proprietary operation system (OS) for PC "Red Star OSAlthough it is also developing, there is a fatal security hole in this OS, and it became clear that anyone can easily gain the administrator's authority in a simple way.

Heads up, dear leader: Security hole found in North Korea's home-grown OS | Ars Technica
http://arstechnica.com/information-technology/2015/01/heads-up-dear-leader-security-hole-found-in-north-koreas-home-grown-os/


Red Star OS first appeared in 2003. "Linux distribution"Red Hat Linux"Is the base and it is also the origin of the name. When the existence of Version 2.0 of Red Star OS became clear in 2010, a lot of screen shots were released.

Version 2.0 was finished in UI that considers Windows.



There are many screenshots of Red Star OS version 2.0 in the following articles.

North Korea developed its own domestically produced OS "Red Star", technically "10 years behind" - GIGAZINE


After that, version 3.0 was released in 2013, and it is the latest version at the present time. In version 3.0, the desktop screen has been redesigned to the Mac OS X style design and it has evolved to a fairly contemporary look.


The Red Star OS has security capabilities that can withstand attacks from abroad, and the government side can forcibly restrict user's access. However, a security investigator who obtained version 3.0 of the latest version of Red Star OS tested the OS, as a result of which the Red Star OS has a fatal security hole, it is easy to make the user's authority administrator authority , And it became clear that all security measures established by North Korea can be easily avoided.

A fatal security hole means that anyone can access the system from the permission setting of the key file and execute the command as administrator authority. A security researcher who discovered this problem said, "Linux based Red Star OS 3.0UdevIt is equipped with a management tool called "RUN + =" at the top of "/ etc / udev / rules.d / 85 - hplj 10 xx.rules", it is possible to modify the file with the administrator authority of Udev.d I will comment. "

The "85-hplj 10xx.rules"HP LaserJet 1000 PrinterA rule set related to a driver for USB connection, another rule setLinux DistributionBut what is commonly used. And Udev.d is the hardware of LinuxHot plugIt is a general kernel for checking.

Ars Technica said, "The existence of such misconfiguration implies that there will be other security holes in North Star's official OS, Red Star OS" It is.