North Korea's Red Star OS leaves the government in control of computers
Based on Fedora Linux, you might expect North Korea's Red Star OS to be a secure operating system. It's not -- at least not by most people's standards. Like China, the socialist state is keen to embrace the power of the internet, but wants to retain control over is citizens. This s exactly what Red Star OS enables the government to do.
Germany researchers from the security company ERNW have probed Red Star OS, examined the code and determined that it is a home grown operating system that leaves the government in control of many aspects of its use, including encryption. It has been suggested that North Korea is paranoid that the west will try to infiltrate through software, but it is North Korean citizens that should be more worried.
Speaking to Reuters, researchers Florian Grunow and Niklaus Schiess say that Red Star OS is the realization of Kim Jong Il's dream of building a North Korean operating system. So panicked is Pyongyang about Western influence and spying, that rather than embracing the internet as most of us know it, it instead relies on its own basic intranet to provide access to officially sanctioned websites.
Grunow says that Red Star OS is "a full blown operating system where they control most of the code". Drilling down into the code, the researchers were able to determine that the OS had basically been built from the ground up and includes feature that prevent the technically minded from bypassing any restrictions that have been put in place:
The Red Star operating system makes it very hard for anyone to tamper with it. If a user makes any changes to core functions -- like trying to disable its antivirus checker or firewall -- the computer will display an error message, or reboot itself.
One of the more invasive and concerning feature of the operating system is the way in which it watermarks every file found on a computer and the drives connected to it. This makes it possible to trace files back to individual users -- something which the government uses to crack down on legal file sharing. Grunow warns:
It's definitely privacy invading, it's not transparent to the user. It's done stealthily, and touches files you haven't even opened.
Grunow and Schiess are presenting their full findings to the Chaos Communication Congress in Hamburg today.