A cybersecurity flaw in BlackBerry-developed software could endanger cars and medical equipment that use it and expose highly sensitive systems to attackers, the US drug regulatory agency and a federal agency said on Tuesday.
The warning came after the Canadian company revealed that its QNX Real Time Operating System (QNX RTOS) has a vulnerability that could allow an attacker to execute arbitrary code or flood a server with traffic until it crashes or comes to a standstill.
The software is used by car manufacturers including Volkswagen, BMW and Ford Motor in many critical functions, including the Advanced Driver Assistance System.
The issue does not affect current or recent versions of QNX RTOS, but rather versions from 2012 and earlier, BlackBerry said, adding that so far no customers have indicated that they are affected.
The US Cyber Security and Infrastructure Agency (CISA) said the software is used in a wide range of products and its compromise “may result in a malicious actor gaining control of highly sensitive systems, increasing the risk for the critical functions of the Nation.”
The federal agency, which is linked to the Department of Homeland Security, and the company said they were not aware of any case of active exploitation of the flaw.
The US Food and Drug Administration said it is not aware of any adverse events, even as medical device manufacturers assess which systems may be affected.
The company also said it notified potentially affected customers and made software patches available to address the issue.
BlackBerry initially denied that the vulnerability, dubbed BadAlloc, impacted its products and then resisted making a public announcement, Politico said, citing two people familiar with conversations between the company and federal cybersecurity officials, including a government official.
© Thomson Reuters 2021
(This story has not been edited by the NDTV team and is automatically generated from a syndicated feed.)