Vulnerability in BlackBerry’s QNX RTOS impacts cars and medical equipment

In a statement U.S. drugs regulator and a federal agency said, a cybersecurity vulnerability in a software designed by BlackBerry Ltd could put medical equipment and cars at heightened risks and expose highly sensitive systems to attackers.

This warning comes in the wake of BlackBerry disclosing that its QNX Real Time Operating System (QNX RTOS) has a vulnerability that could allow an attacker to execute an arbitrary code or flood a server with traffic until it crashes or gets paralyzed.

BlackBerry’s software is used by automakers including BMW, Ford Motor and Volkswagen in many critical functions such as Advanced Driver Assistance Systems.

Incidentally, the vulnerability is not present in recent versions of the QNX RTOS, but impacts older versions dating back to 2012 and earlier, said BlackBerry while adding no customers have indicated that they have been impacted by the vulnerability.

In a statement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said, BlackBerry’s QNX RTOS is widely used by a whole gamut of products and its compromise “could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation’s critical functions”.

The Department of Homeland Security said, it was not aware of any case of active exploitation of the vulnerability.

The Food and Drug Administration said, it was not aware of any adverse events stemming from the flaw. Medical equipment manufacturers are in the process of assessing which systems could be affected by the vulnerability.

BlackBerry said, it has notified potential customers of the vulnerability and has issued software patches to resolve it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s