Turns out black hat hackers aren’t the only ones with their eye on the connected car. A recent set of documents published by WikiLeaks revealed that the CIA is investigating the possibility of hacking automotive software. It listed several different targets, including our very own BlackBerry QNX OS-based platforms.
First off, let me say that we are not currently aware of any attacks or exploits against BlackBerry products or services, including QNX. Still, the news is a bit frightening, now that we are in the semi-autonomous driving age and evolving towards fully self-driving cars. The notion that someday a car could be hacked and used to carry out a nearly undetectable assassination doesn’t seem all that far-fetched.
It’s certainly a risk we are aware of. To mitigate such risks requires a different, better approach to security and system design. That approach is embodied by BlackBerry QNX.
QNX Protects More Than Just the Front Door
Picture a house where the homeowner assumes that the front door is the main point of entry. He or she might make that door completely impenetrable, with multiple locks and alarms, none of which will help when a robber simply climbs in through the unlocked bedroom window.
Now imagine instead that the homeowner puts locks on every door, secures every window, installs surveillance cameras inside the home, and puts their valuables inside a safe. Even if the robber manages to get in, the amount of time required to go from room to room increases exponentially, maybe even to the point that robbing the house in the first place is no longer practical.
This is exactly the idea behind the QNX Operating System (OS) model, and the way we feel every system should be designed. In a standard OS, if an attacker gains root access, they can do anything. That’s why most cyberattacks ultimately boil down to fooling the OS into thinking the attacker is a root user – which gives them full access to any system (in essence, having the key to every room and safe). That is not the case with QNX OS. In our OS model, systems can be constructed in which no single process is running as root – you create a truly rootless system.
Moreover, the QNX Software Development Platform SDP 7.0 is much more than an OS – it is a 64-bit OS and a multi-level platform featuring a policy-driven security model which incorporates BlackBerry’s best-in-class security technology. It is the most advanced and secure embedded platform on the market, designed from the ground-up for security and availability. And it will be certified to ISO 26262 ASIL D – the highest safety delegation possible for a vehicle.
No More Chains: QNX’s Multi-Layered Approach to Security
Today’s high-end cars contain more than 100 million lines of software code – that dwarfs the amount of code in the space shuttle, Boeing 787 Dreamliner, and Microsoft Office combined. To truly harden a complex system, such as a car, against attack requires layered, interlocked security and sophisticated system engineering. You cannot secure only a single attack surface. That’s why BlackBerry QNX is much than an OS – it helps orchestrate an entire stack of applications, processes, processors, and networking hardware to protect against everything from system malfunctions to malware to active cyberattacks, including:
- Secure over-the-air software patches and updates
- Certicom AMS technology to ensure integrated circuits running the software are manufactured securely and without tampering
- Application ‘sandboxing’ so that only trusted code is executed
- Encryption on both at-rest and in-transit data
- A team of security researchers and engineers who regularly scan for vulnerabilities and code design issues
- Hypervisors that create virtual software containers, such that any hiccup or breach in one car system, such as the Infotainment System, can be isolated and does not affect or create vulnerabilities in other domains (like the steering system or the engine)
- Certicom Managed PKI and security toolkits that are FIPS 140-2 certified
It’s these components, working together and driven by policies, that truly guard today’s connected cars against failure or breach.
The integrated approach is key. Security is only as strong as its weakest link. As such, BlackBerry advocates that vehicle makers design in security from the ground up, using the trusted and proven methodology we have deployed for years in the highest-grade security phones used by governments and regulated industries. We are the gold standard in the industry for a well-proven reason.
How we drive is rapidly changing. Software-defined cars are already on the market, and fully autonomous cars will someday join them.
By tapping into BlackBerry’s security expertise and making use of BlackBerry QNX, automakers can help ensure that a car can’t be hacked and turned into a weapon, as well as keep drivers connected and protected, both on the road and off.
Learn more about BlackBerry QNX.