Lifting the Fog on Red Star OS: A deep dive into the surveillance features of North Korea's operating system

Presented at 32C3 (2015), Dec. 27, 2015, 4 p.m. (60 minutes)

Angae means "Fog" in Korean. The term is widely used in parts of the custom code used by Red Star OS. We will lift the fog on the internals of North Korea's operating system. Our talk will provide information about how privacy is invaded for all users of Red Star OS and how an operating system designed by a totalitarian dictatorship works.

In 2014, version 3 of North Korea's Red Star operating system was leaked. It is based on Linux and has the look and feel of a Mac. There is also a server version available. We will start the presentation by giving a general overview and presenting findings that already hit the net during the last year, like research on Red Star's custom browser and its configuration. The focus of the presentation is to explain in depth how the architecture of the components is structured and to give a detailed overview of the privacy-invading custom code implemented in the OS. The system is designed to defend and protect itself from changes made from user space. We will analyze the interaction of the components and the protection mechanisms and provide information on how to deactivate some of the malicious functionality of Red Star OS.

North Korea abuses the principles of free software to provide an operating system that suppresses free speech. Therefore we think it is necessary to disclose this information to the public and show the audience how to get around the limitations introduced by North Korea.

Investigating functionality that can be used to invade the privacy of users was our primary goal. We found that the features implemented in Red Star OS are the wet dream of a surveillance state dictator. It provides a set of surveillance features, like the capability to watermark different types of files, that can be used to track the distribution of documents and multimedia files. We will have an in-depth look at how some of these features build the foundation for a suppressive state in a modern world.


  • Niklaus Schiess
  • Florian Grunow
    Florian works as a Security Analyst at ERNW, where he is part of the Application Security team. Florian holds a bachelor's degree in Medical Informatics and a master's degree in Software Engineering. His bachelor's thesis dealt with the IT security of hospitals.

