A group of hackers managed to break into Red Star OS, North Korea's government-sanctioned Linux-based operating system, using just a link.
Red Star OS is North Korea's homegrown operating system. It looks remarkably like Apple's OS X, but it gives the North Korean authorities far more control over the computers that run it: alongside its security features it ships surveillance tools that track files, so that every bit of a user's data can be traced if the government wants it.
The latest version of Red Star OS ships with a Firefox-based web browser called Naenara, and according to the researchers, the “trivial remote exploit attack vectors” in that browser allow attackers to compromise the system.
Here’s how the exploit works:
The Hacker House researchers targeted the Red Star component that handles Uniform Resource Identifiers (URIs), the strings used to identify resources on a network.
Because that component does not sanitize the URI before it reaches the handler's command line, an attacker can “trivially obtain code execution” simply by getting the victim to open a crafted link.
“Whilst probing for vulnerabilities it was noticed that registered URL handlers were passed to a command line utility ‘/usr/bin/nnrurlshow.’ This application (aside from having null ptr de-refs and other cute bugs) takes URI arguments for registered URI handlers when handling application requests such as ‘mailto’ and ‘cal,’” the Hacker House researchers explain.
“Naenara doesn’t sanitize the command line when handling these URI argument requests and as such you can trivially obtain code execution by passing malformed links to the nnrurlshow binary.”
In short, the flaw gives an attacker an easy way to install malware on, or otherwise compromise, PCs running the Red Star operating system.
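The bug class Hacker House describes, a URI handed to a command-line helper without any sanitization, is illustrated below with an added example. This is neither Red Star's code nor Hacker House's exploit: `echo` stands in for the real handler binary (`/usr/bin/nnrurlshow` is not available here), the scheme allow-list and the metacharacter check are assumptions about what a fixed dispatcher would do, and the payload URI is constructed for the demonstration.

```python
import subprocess
from urllib.parse import urlsplit

# Constructed stand-in for the real handler binary. The real one is not
# available here, so "echo" simply prints whatever argument(s) it receives.
HANDLER_CMD = "echo"

# Assumed allow-list of URI schemes the dispatcher is willing to hand off
# (the article names 'mailto' and 'cal' as registered handlers).
ALLOWED_SCHEMES = {"mailto", "cal"}

# Characters that let /bin/sh start a second command, a substitution or a
# redirection. Whitespace and control bytes are covered separately below.
SHELL_METACHARS = set(";|&$`'\"<>(){}\\")


def vulnerable_dispatch(uri: str) -> str:
    """Model of the bug class: the URI is spliced into a shell command string.

    Because the command goes through /bin/sh, metacharacters in the URI are
    interpreted as shell syntax and the author of the link decides what runs.
    Returns the captured stdout so the effect can be inspected.
    """
    completed = subprocess.run(
        HANDLER_CMD + " " + uri,  # string concatenation -> parsed by /bin/sh
        shell=True,
        capture_output=True,
        text=True,
    )
    return completed.stdout


def validate_uri(uri: str) -> str:
    """Reject anything that is not a plain, allow-listed URI."""
    if any(ch in SHELL_METACHARS or ch.isspace() or ord(ch) < 0x20 for ch in uri):
        raise ValueError("URI contains shell metacharacters or control bytes")
    scheme = urlsplit(uri).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {scheme!r} is not a registered handler")
    return uri


def is_accepted(uri: str) -> bool:
    """True if validate_uri() lets the URI through, False if it rejects it."""
    try:
        validate_uri(uri)
    except ValueError:
        return False
    return True


def hardened_dispatch(uri: str) -> list:
    """Validated URI passed as one argv element; no shell is involved.

    Even if validation were bypassed, an argv list cannot be re-split by a
    shell, so the whole URI arrives at the handler as a single argument.
    Returns the argv that was executed.
    """
    argv = [HANDLER_CMD, validate_uri(uri)]
    subprocess.run(argv, check=True, capture_output=True, text=True)
    return argv


if __name__ == "__main__":
    # Constructed payload: a legitimate-looking mailto link with a second
    # command appended. 'echo INJECTED' is the harmless proof of execution.
    payload = "mailto:alice@example.org; echo INJECTED"
    print("vulnerable:", repr(vulnerable_dispatch(payload)))
    print("hardened accepts payload:", is_accepted(payload))
    print("hardened argv:", hardened_dispatch("mailto:alice@example.org"))
```

Run stand-alone, the vulnerable path prints two lines, the URI and `INJECTED`, because the shell treated `;` as a command separator; the hardened path refuses the same string outright and, for a clean link, hands it to the handler as a single argv element. Either fix alone (argv list, or validation) closes the shell-injection hole; using both also protects a handler that mishandles odd schemes.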
Rival South Korea has long blamed North Korea for mounting various cyber attacks against its government, military, and other organizations.
Just recently, the South Korean military blamed North Korea for breaching its military cyber command. A spokesman for the cyber command told the BBC that classified information was thought to have been stolen, although it is not clear exactly what data was accessed.