Flaw affects QNX vehicles from 2012 and earlier
Authorities report no known attacks using exploit
A cybersecurity flaw in software from BlackBerry could put cars (as well as some medical systems) at risk of hacker attacks, US authorities said yesterday. The news comes after the company disclosed a vulnerability in the QNX Real Time Operating System that is used in millions of vehicles.
Though you likely haven’t heard the BlackBerry name in quite a few years, the company’s QNX software handles key functions in nearly two hundred million vehicles from Volkswagen, Ford, and BMW, among others. The operating system controls infotainment systems as well as some critical functions including the advanced driver assistance systems.
According to BlackBerry, Reuters reports, the issue is not with current or even recent versions of the systems, but rather from versions dating back to 2012 and earlier. The company said that no customers have indicated they were affected by the problem.
The U.S. Cybersecurity and Infrastructure Security Agency said that the software compromise “could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation’s critical functions,” but said they weren’t aware of any active exploits of the flaw.
BlackBerry has said that it has notified customers and made software patches available, but it’s not clear how or if those patches would make it to in-service cars and trucks. Microsoft security researchers first identified the flaw, but none of the parties involved has said what the potential effects on a vehicle could be.