North Korea’s government-sanctioned Red Star operating system (OS) contains a vulnerability that can allow attackers to hack into it remotely, according to security experts. The reclusive nation’s secretive Linux-based OS was leaked to the world in 2015 and ever since, several critical vulnerabilities have been brought to light.
The latest vulnerability was uncovered by a group of hackers at the security firm Hacker House, who claim that the exposure of North Korea’s OS vulnerability was timed to “mark Red Star’s anniversary leak”. According to the security researchers, the vulnerability allows hackers to remotely access computers running the OS, just by tricking users into clicking on a hyperlink.
“This exploit is a client-side remote exploit which can be triggered from the internet/intranet and used to install malware or exploit computers running Red Star OS just by having a user click a hyperlink,” Hacker House researchers said in a blog.
Researchers claim that the latest version of the Red Star OS comes with a customised Firefox browser called Naenara, alongside other unusual features such as a Wine wrapper that allows users to run Windows 3.1 operations, Motherboard reported. Researchers said that “trivial remote exploit attack vectors” contained within the Naenara browser allowed attackers to hack into the system.
Hacker House researchers exploited a specific Red Star application that handles Uniform Resource Identifiers (URIs), the strings of characters used to identify resources on a network. A resource can be anything that can be identified with an alphanumeric character string: for example, web pages or electronic documents.
Researchers noted that the “mailto” URI request used for email could be exploited by hackers to “execute arbitrary commands”. Hacker House researchers also said that since the “mailto” URI did not remove requests from the application’s command line, hackers could “trivially obtain code execution” by injecting malware links into the command line. This would ensure that users are presented with a regular-looking web link, which when opened, would offer hackers access to remotely carry out commands on users’ computers.
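The flaw class described above, seen from the handler author's side, as an added example (not code from Red Star OS or from Hacker House): it contrasts pasting a `mailto` URI into a shell-parsed string with validating it and passing it as a single argument. The mail client path, function names and sample URIs are assumptions constructed for illustration.

```python
import re
import subprocess
from urllib.parse import urlsplit

# Hypothetical mail client path (assumption; the article does not name the handler).
MAIL_CLIENT = "/usr/bin/example-mail"

# Conservative allowlist for a mailto URI: address characters, percent-escapes
# and the ?key=value&key=value header part. No spaces, quotes or backticks.
MAILTO_OK = re.compile(r"mailto:[A-Za-z0-9@._+%,=?&-]+", re.IGNORECASE)

# Characters that start a new command or a substitution when a shell parses them.
SHELL_ACTIVE = re.compile(r"[;&|`$()<>\n]")


def flawed_command(uri: str) -> str:
    """The flawed pattern: the URI is pasted into a string a shell will parse."""
    return f"{MAIL_CLIENT} {uri}"


def shell_would_interpret(uri: str) -> bool:
    """True if a shell would treat part of the URI as syntax rather than data."""
    return bool(SHELL_ACTIVE.search(uri))


def build_argv(uri: str) -> list:
    """Validate the URI and return an argument vector for use without a shell."""
    if urlsplit(uri).scheme != "mailto":
        raise ValueError("not a mailto URI")
    if not MAILTO_OK.fullmatch(uri):
        raise ValueError("unexpected characters in mailto URI")
    # The whole URI is one argv element, so '&' and '?' stay plain data.
    return [MAIL_CLIENT, uri]


def open_mailto(uri: str) -> None:
    """Hardened handler: no shell=True, no string concatenation."""
    subprocess.run(build_argv(uri), check=False)


# Constructed sample inputs, not taken from the Hacker House write-up.
BENIGN = "mailto:user@example.com?subject=hello&body=hi"
HOSTILE = "mailto:user@example.com;echo INJECTED"
```

Even the benign sample contains `&`, which a shell would act on, so validation alone is not the fix: the handler has to avoid the shell entirely.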
North Korea has long been blamed by rival South for mounting various cyber attacks against its government, military and other organisations. Both nations have accused each other of inciting cyberwar and in a bid to flex muscles, are believed to have been grooming a veritable army of cyber warriors, trained to neutralise attacks.