North Korean authorities have delayed a roll-out of a new operating system for Android smartphones, according to a report by Daily NK.
The new software had been due to be released in late 2022, but the launch was delayed by the Ministry of State Security “because the software has failed to meet set technological standards,” it reported on Tuesday.
Authorities now plan to complete the update by the middle of 2023.
When Daily NK first reported on the plans in August 2022, it said the update was due to take place in December and would prevent users from consuming foreign media on their smartphones.
Out of the box, North Korean smartphones contain several security systems intended to prevent their use for anything other than consuming official content. Chief among them is a digital certificate system that requires all apps and media files be cryptographically signed with a digital key before they can be played. [1] The key is issued by the North Korean government.
The system has been in place since around 2014; however, in recent years, it appears a handful of hackers have discovered a way to disable the system. In the Project Reveal report issued in early 2022, I detailed two hackers who had been able to disable the certificate system using a Chinese Android rooting kit loaded into the phone via USB. Rootkits are software applications that allow users to gain “root” access, which allows ultimate power over all software running on the device.
The exploit does not appear to be in widespread use, but it obviously worried the authorities enough to push them to act.
A Pyongyang 2425 smartphone analyzed as part of Project Reveal had USB data communications disabled—the first time that had been noted in a North Korean smartphone. It’s possible this was an immediate reaction by the state to prevent loading of rootkits, but without more phones, it’s impossible to tell for sure.
The new operating system is almost certainly related to this. It will probably either disable USB data communications on older phones or contain a new method to prevent loading of root kits but allow other apps to be loaded. It’s unclear; the state doesn’t publish these details, and it’s unclear from the Daily NK report.
[1] Nat Kretchun, Catherine Lee and Seamus Tuohy, Compromising Connectivity: Information Dynamics Between the State and Society in a Digitizing North Korea (Washington, DC: InterMedia, 2017), 44, https://www.aquietopening.org/s/Compromising-Connectivity-Full-Report.pdf.