Even by North Korean standards, the DPRK's Ullim tablet is creepily surveillant

The Ullim Tablet is the latest mobile device from North Korea to be subjected to independent analysis, and it takes the surveilling, creepy nature of the country's notoriously surveillant Android devices to new heights of badness.


The Ullim analysis was conducted by researchers from Heidelberg's Enno Rey Netzwerke and presented at last year's Chaos Communications Congress in Hamburg. The Ullim tablet was made by installing a custom Android 4.4.2 version on a Chinese Z100 tablet that has had its network interfaces removed — you get it online by attached a tightly-controlled network dongle that does wifi, Ethernet and dial-up.

The Ullim Android customization removes many of the stock Google apps (such as Gmail) and adds in several apps designed to spy on the tablet's users. These include Red Flag, a background app that takes a screenshot every time an app is opened, logs browser history and reports on any attempts to tamper with the OS; and Trace Viewer, an app that for examining the forensic data created by Red Flag. Any logged in user can launch and use Trace Viewer, providing a reminder that everything you do with the tablet is being watched.

The Ullim also watermarks all the files generated by the OS, linking them to the device's unique serial number, locks out any app not on a whitelist, and refuses to play back any media files that are not on a nationally maintained whitelist of approved programs.


In the recently published "Compromising Connectivity," Intermedia reports the digital signature system was rolled out to all Android devices in late 2013, less than two years after Kim Jong Un became leader of the DPRK. The operating system update, which was mandated for all users, effectively shut off North Koreans' ability to access any information sent on USB sticks or memory cards with these devices because the data would be missing signatures of either the government or personal keys.

Despite that 2013 move, there continue to be several high-profile attempts to send in digital information such as Wikipedia databases or other media on USB sticks or memory cards. This must raise the question: can anyone in North Korea access the digital information?

I asked Grunow to rate the job the North Korean engineers have done from the view of restricting media consumption.

"It's the way I would have done it," he said.


It's difficult to tell if there are any bugs or backdoors in the software because it can't be viewed operating on the North Korean intranet, but Grunow says his team hasn't found any major bugs so far.

There are a few areas that merit a closer investigation, Grunow added, but he doesn't want them made public for fear of tipping off North Korean computer scientists to possible weaknesses in the system.

All That Glitters Is Not Gold: A Closer Look at North Korea's Ullim Tablet
[Martyn Williams/38 North]


(via 4 Short Links)


(Image: Florian Grunow)