Woolim – Lifting the Fog on DPRK's Latest Tablet PC

Presented at 33C3 (2016), Dec. 27, 2016, 11 p.m. (60 minutes).

Last year we have been talking about DPRK’s operating system Red Star OS and its surveillance features. We have identified a watermarking mechanism and gave an insight on the internals of the operating system itself. This year we will be talking about one of DPRK’s Tablet PCs, called Woolim.

The tablet PC contains a similar watermarking mechanism that can be used to track and prevent the distribution of unwanted media files in a more advanced and effective way. In addition, Woolim contains a remarkable hardening and jails the user to protect the integrity of the system. The tablet itself and the Apps that are preinstalled provide a rare insight into DPRK’s development in the IT sector. We will lift the fog on the internals of Woolim and provide a deep dive into the internals of the tablet PC.

Over the past years DPRK released several different tablet PCs. This talk will focus on what seems to be the latest device called Woolim (울림), which is the Korean word for „echo“. It was build in late 2015 and the device is an outstanding piece of technology designed to jail users to predefined functionality and track the user's behavior.

We will start by giving an introduction to the hardware specifications of the tablet. The device is equipped with a wide variety of applications. Users are able to read and create documents, watch movies, visit websites and play games. There are also a bunch of dictionaries on the device. We will give an introduction to the most interesting applications and features of the tablet.

The applications that come with Woolim give a rare insight into how technology is used and distributed in DPRK. All of the applications on Woolim have been touched by DPRK, even games like Angry Birds have been modified. The features implemented to jail the user and protect the integrity of the system will also be in focus for this talk.

We have published a detailed analysis of a watermarking mechanism in DPRK’s Red Star OS last year, speculating that the code in Red Star OS already contains some preparations for a far more sophisticated watermarking mechanism. We have identified such advanced mechanisms in Woolim and will give a technical insight on how they prevent distribution of unwanted media more effectively.

DPRK continues to develop surveillance technology that is hidden inside consumer hardware. It’s goal seems to be to enable total control of it’s users in terms of tracking the distribution of media files and preventing unwanted information in the DPRK ecosystem. Implementing such features into smartphones or tablet PCs like Woolim allows even more effective surveillance of DPRK citizens. Therefore, we will try to shed some light on the privacy invading features of Woolim.


Presenters:

  • Florian Grunow
    Florian works as a Security Analyst at ERNW in Heidelberg. He leads a team that is performing security assessments. Florian holds a Bachelor’s degree in Medical Computer Sciences and a Master’s degree in Software Engineering. He works as a Security Analyst and team lead at ERNW, performing application and infrastructure assessments. His research focus is the security of medical devices. He is a member of CCC Mannheim e. V.
  • Niklaus Schiess
    Niklaus is working as a Security Analyst for ERNW GmbH based in Heidelberg, Germany. Application and network security are the main focus of his work but he also enjoys writing code and occasionally participates in CTFs.
  • Manuel Lubetzki
    Manuel has worked as a security researcher at ERNW mainly focusing on web application security. He is specifically interested in reverse engineering, wireless security and artificial intelligence. Currently he’s studying at the university of Tübingen.

Links:

Similar Presentations: