A cybersecurity flaw in software developed by BlackBerry could endanger the cars and medical devices that use it and expose highly sensitive systems to attackers, the US drug regulator and a federal cybersecurity agency said on Tuesday.
The warning came after the Canadian company announced that its QNX Real Time Operating System (QNX RTOS) had a vulnerability that could allow an attacker to execute arbitrary code or flood a server with traffic until it crashes or becomes paralyzed.
The software is used by automakers such as Volkswagen, BMW, and Ford Motor in many critical functions, including the Advanced Driver Assistance System.
The issue does not affect current or newer versions of the QNX RTOS, but rather versions from 2012 and earlier, BlackBerry said, adding that at the time, no customers indicated they were affected.
The US Cybersecurity and Infrastructure Security Agency (CISA) said the software is used in a wide variety of products and its compromise “could lead to a malicious actor gaining control of highly sensitive systems,” increasing the risk to the nation's critical functions.
The federal agency, which is part of the Department of Homeland Security, and the company said they were not yet aware of any case of active exploitation of the bug.
The US Food and Drug Administration said it was not aware of any adverse events, even as medical device manufacturers assess which systems may be affected.
The company also said it had notified potentially affected customers and made software patches available to address the issue.
BlackBerry initially denied that the vulnerability, known as BadAlloc, affected its products and later resisted making a public announcement, Politico reported, citing two people familiar with the conversations between the company and state cybersecurity officials, including a government employee.
© Thomson Reuters 2021