
SoylentNews is people

posted by janrinok on Tuesday July 21 2015, @03:19AM
from the you-didn't-really-trust-them-did-you? dept.

ERNW security analyst Florian Grunow says North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags.

The operating system, developed from 2002 as a replacement for Windows XP, was relaunched with a Mac-like interface in 2013's version three. The newest version emerged in January 2015.

Grunow says files, including Microsoft Word documents and JPEG images, that are connected to but not necessarily executed in Red Star will have a tag introduced into their code that includes a number based on hardware serial numbers.

"When analysing the OS the first thing that came to our attention is that they have built an own kernel module named rtscan. There is a binary running that is named opprc and a few more binaries, one that seems to simulate/pretend to be some kind of 'virus scanner' and seems to share some code base with opprc," Grunow says.

"The first thing that came to our attention when looking at the functions in the binary was gpsWatermarkingInformation.

"Creating and using media files and documents on RedStar OS can get you into trouble if you are living in North Korea; do not assume that the files can be kept private and cannot be traced back to the creator."

Grunow says the operating system does not watermark files created with the open source OpenOffice word processing suite.


  • (Score: 2) by pkrasimirov on Tuesday July 21 2015, @06:05AM


    Is it illegal to recompile the kernel or unload modules?
    ----
    > pretend to be some kind of 'virus scanner'
    In Soviet Korea the virus is YOU!

  • (Score: 5, Informative) by Marand on Tuesday July 21 2015, @06:34AM


    > Is it illegal to recompile the kernel or unload modules?

    Unless something changed recently, Red Star is distributed Android-style, where the end-user doesn't have root without using privilege-escalation exploits, so that would not be an option for most. Not impossible, though; when the last version got leaked, researchers found an extremely trivial udev exploit caused by how they set things up. Of course, with the way NK controls information, the knowledge of that is probably not widespread there still.

    • (Score: 3, Interesting) by jmorris on Tuesday July 21 2015, @04:50PM


      I'd be more worried about the fact you probably only get one try to get root. If a product here phoned home every time somebody tried to get root the manufacturers would quickly stop doing it to end the effective DDOS they had unwisely called down. Slightly different result in a beacon of progress like North Korea. Don't worry though, North Korea is just the vanguard and that sort of effective, progressive government will get to everyone else soon enough.

      Hacking root generally isn't worth seeing three generations of your family put in forced labor camps. That is how they handle dissidents there, and breaking their DMCA-style content controls is considered a political act. And yes, that is basically what this is, control of content by controlling the PC.