Major flaw in BlackBerry software may affect car safety, hospitals


BlackBerry, a software design company, announced it had discovered a critical vulnerability (CVSS score 9.0) in its QNX real-time operating system (QNX RTOS), prompting a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agency stated that the vulnerabilities 'could result in a malicious actor gaining control of highly sensitive systems.'

BlackBerry's software is used by major automakers, including BMW, Ford Motor, and Volkswagen. Among the functions the software controls is the Advanced Driver Assistance System. According to Reuters, a flaw in QNX RTOS could allow an attacker to flood a server with traffic until it crashed or to execute arbitrary code.

CISA noted that exploitation of the vulnerabilities 'could result in unexpected behavior such as a crash.'

Reuters reports that the Canadian software developer claims the vulnerability affects older versions of QNX RTOS, dating from 2012 and earlier. So far, there's no indication that the flaw has been abused.

Since the software is also used to run medical equipment, the U.S. Food and Drug Administration (FDA) stated that it was not aware of any adverse events. However, the FDA claims that the vulnerabilities 'may introduce risks for certain medical devices and drug manufacturing equipment.'

Politico reported that BlackBerry initially denied that the BadAlloc vulnerability had any impact on its products. Other companies affected by the same vulnerability went public in May, whereas BlackBerry denied any impact and refused to acknowledge the flaw publicly.

With the heyday of BlackBerry's once-popular smartphones long gone, the company shifted towards making software for industrial equipment. The Canadian company boasts that, apart from the automotive and health sectors, QNX is used by aerospace and defense, rail, robotics, and other sectors.

