How do you hack the software and hardware of one of the most secretive and oppressive regimes in the world?
Florian Grunow is a security researcher at ERNW who studies devices and software coming out of North Korea as a side project.
In an interview with Business Insider, Grunow described North Korean technology as “jailed down” and difficult to break into. But he also said the regime was making “amazing” leaps forward in its technical progress.
Last year, he and fellow researchers Niklaus Schiess and Manuel Lubetzki revealed North Korea’s restrictive Woolim (or Wulim) tablet at the Chaos Communications Conference.
He also dissected the regime’s homegrown operating system, Redstar OS, at the same conference in 2015. Now he’s examining mobile phone data dumps with an eye to revealing the findings later this year.
Grunow said he was surprised by the progression from the 2013 version of Redstar he examined to the later Woolim tablet. (The operating system was leaked by an unknown Russian student, while the tablet was sent to Grunow and his team by an NGO in South Korea.)
In 2015, Grunow spotted a mechanism in the Redstar operating system that could track media files. He expected to find similar “prep code” on the Woolim tablet, but instead found the device was capable of stopping him opening certain media files altogether.
“That was really well implemented,” he said. “I didn’t expect it to be so advanced — it was pretty amazing to see that being implemented by an oppressive regime.”
“To see any improvement at all was pretty surprising — they have been putting effort into infrastructure that prevents people from opening media other than that signed by the government. That’s a big improvement.”
In Redstar, Grunow said, the regime had tried to “track” what media was being opened with the device. In Woolim, it scrapped that tracking mechanism and instead relied on permissions to open files. “They were rethinking their strategies on how to prevent [people] opening stuff, and really thinking about what media people were consuming,” he said. “You can see how they improve over time and change their strategy.”
A key problem for the regime, according to Grunow and backed up by other reports, is people’s consumption of illicit material smuggled in on USB sticks. North Korean defectors smuggle Western and South Korean news, TV, and films into the country to show people that life outside North Korea isn’t as bleak as the regime claims.
“The biggest problem is those USB sticks, and this is what they’re trying to tackle, first with that signature algorithm in Redstar, and the prevention mechanism [in Woolim],” said Grunow.
And are there any hints of future capabilities in that Woolim device?
Maybe, according to Grunow. The team spotted that both Redstar OS and the Woolim tablet had virus scanning software, which was apparently “not actively used”. It’s possible that the government might turn that software into another spying tool by pushing out updates to devices. “If I had to make an educated guess, they might be able to implement some kind of patching,” Grunow said. “Having a live view of devices would be a nice feature for an oppressive regime.”
Grunow said this was simply speculation, but said he thought there wasn’t currently a way for the regime to have a “live” view on what users were doing on PCs or tablets. “All functionality is offline.”
While little is known about North Korean consumption of tech, UN statistics peg mobile subscriptions at 11% of the population.
And does Grunow ever fear for his safety?
“I hope there’s not someone running around with liquid,” he said, referencing the grisly attack on Kim Jong Un’s estranged half brother. “The German embassy in North Korea have told me, ‘Don’t come into the country’.”