
A Brief Overview of the Red Star OS 3.0 Security Flaw

TJC573
January 12, 2015


Transcript

  1. “HEADS UP, DEAR LEADER: SECURITY HOLE FOUND IN NORTH KOREA’S HOME-GROWN OS” SEAN GALLAGHER, ARS TECHNICA
  2. “ATTACKING 'RED STAR': LEAKS SHOW JUST HOW EASY IT MIGHT BE TO HACK NORTH KOREA” THOMAS FOX-BREWSTER, FORBES
  3. MOST OF NORTH KOREA’S CONNECTIVITY COMES FROM NETWORKS ISOLATED FROM THE REST OF THE WORLD. IT’S HARD TO SAY FOR SURE, BUT SOME BELIEVE THAT THE OS ISN’T RUN BY MANY INDIVIDUALS, BUT BY ORGANIZATIONS. MANY INDIVIDUALS RUN VERSIONS OF WINDOWS XP.
  4. VERSION 3.0 RELEASED SUMMER 2013. DESIGNED TO LOOK LIKE APPLE’S OS X. PREVIOUS VERSIONS DESIGNED TO LOOK LIKE WINDOWS.
  5. THE FLAW ALLOWS A USER ACCESS TO ROOT PRIVILEGES; THIS IN TURN GIVES THEM THE CAPABILITY TO DISABLE SECURITY RESTRICTIONS PUT IN PLACE BY THE GOVERNMENT.
  6. A RULE FILE FOR A BUILT-IN GENERIC KERNEL DEVICE MANAGER IS WORLD-WRITEABLE. THIS RULE FILE WAS ORIGINALLY INTENDED FOR AN HP LASERJET 1000 PRINTER. THE RULE FILE CAN BE MODIFIED TO RUN COMMANDS WITH ROOT ACCESS.
  7. WITH SUCH A SMALL NUMBER OF PEOPLE USING RED STAR 3.0, THE DEVELOPERS MAY NOT HAVE FOUND THE FLAW IN THE BASIC SECURITY.
  8. THERE IS SPECULATION THAT THE FLAWS IN RED STAR ASSISTED THE FBI IN PINNING THE BLAME ON NORTH KOREA FOR THE SONY PICTURES HACK LAST DECEMBER.
  9. THIS MAY SIGNIFY THAT MANY COMPUTERS IN NORTH KOREA ARE EASY TARGETS. THAT MAY ALSO BE THE POINT. ERRORS LIKE THIS ONE HAVE PLAGUED EARLIER VERSIONS OF RED STAR.
  10. REFERENCES

    FOX-BREWSTER, THOMAS. "ATTACKING 'RED STAR': LEAKS SHOW JUST HOW EASY IT MIGHT BE TO HACK NORTH KOREA." FORBES. FORBES MAGAZINE, 9 JAN. 2015. WEB. 12 JAN. 2015.

    GALLAGHER, SEAN. "HEADS UP, DEAR LEADER: SECURITY HOLE FOUND IN NORTH KOREA’S HOME-GROWN OS." ARS TECHNICA. 9 JAN. 2015. WEB. 12 JAN. 2015.