BlackBerry Software Cybersecurity Flaw Could Impact Cars, Medical Devices: US Agencies

The software is used by automakers including Volkswagen, BMW, and Ford Motor in many critical functions including Advanced Driver Assistance System.

By Reuters | Updated: 18 August 2021 12:20 IST

Highlights

BlackBerry had initially denied vulnerability impacted it
The company also said it has notified potential customers
CISA said the software is used in a wide range of products

The flaw in BlackBerry's software could put cars and medical equipment at risk

A cybersecurity flaw in a software designed by BlackBerry could put at risk cars and medical equipment that use it and expose highly sensitive systems to attackers, the US drugs regulator and a federal agency said on Tuesday.

The warning came after the Canadian company disclosed that its QNX Real Time Operating System (QNX RTOS) has a vulnerability that could allow an attacker to execute an arbitrary code or flood a server with traffic until it crashes or gets paralyzed.

The software is used by automakers including Volkswagen, BMW, and Ford Motor in many critical functions including the Advanced Driver Assistance System.

BlackBerry 5G Phone 'Pre-Commitment Program' Promises Early Access to Devices

The issue does not impact current or recent versions of the QNX RTOS, but rather versions dating from 2012 and earlier, BlackBerry said, adding that, at this time, no customers have indicated that they have been impacted.

The US Cybersecurity and Infrastructure Security Agency (CISA) said the software is used in a wide range of products and its compromise "could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation's critical functions", the CISA said.

The federal agency that comes under the Department of Homeland Security and the company said they were not yet aware of any case of active exploitation of the flaw.

Amazon, Blackberry Team Up on Cloud-Based Vehicle Software Platform

The US Food and Drug Administration said it was not aware of any adverse events even as medical equipment manufacturers assess which systems could be affected.

The company also said it has notified potential customers that have been affected and has made software patches available to resolve the matter.

BlackBerry had initially denied that the vulnerability, dubbed as BadAlloc, impacted its products and later resisted making a public announcement, Politico reported, citing two people familiar with talks between the company and federal cybersecurity officials, including a government employee.

© Thomson Reuters 2021

It's a John Cena double-header this week on Orbital, the Gadgets 360 podcast, as we discuss The Suicide Squad, and later, Fast & Furious 9 (from 28:03). Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

Affiliate links may be automatically generated - see our ethics statement for details.

BlackBerry Records Profit in First Quarter Fueled by Growth in Its Cybersecurity Business

29 June 2023

Blackberry to Sell Patents for Mobile Devices in New $900 Million Deal After Sale to Catapult Collapses

21 March 2023

BlackBerry IoT Unit Sees Increase in Automotive Demand Amid Fall in Cybersecurity Revenue

28 September 2022

BlackBerry Plans to Settle Shareholder Lawsuit Over BlackBerry 10, Avoiding Trial

7 April 2022

BlackBerry to Sell Patents Related to Mobile Devices, Messaging for $600 Million

1 February 2022

BlackBerry Software Cybersecurity Flaw Could Impact Cars, Medical Devices: US Agencies

Related Stories