UPDATE: August 11, 2015
Charlie Miller, one of the security researchers who uncovered the vulnerability described in this Fact Check, has publicly confirmed that the vulnerability “doesn’t have anything to do with QNX security”. Case closed.
By now, you have likely seen the headlines on WIRED and other media outlets about the remote exploitation of a vehicle infotainment system. In summary, two security researchers were able to leverage a vulnerability in the system and take over the vehicle’s dashboard functions, steering, transmission, and brakes.
Since the exploit came to light, a formal recall has been issued for 1.4 million vehicles that may be affected by the vulnerability; it looks like a class-action lawsuit is on the way; and the National Highway Traffic Safety Administration (NHTSA) is apparently studying the issue, with a report to come.
More recently, however, the website Seeking Alpha has published its own story on the matter, which speculates on BlackBerry’s role. While the legal complaint is directed at the vehicle manufacturer and the maker of the infotainment system, the operating system used is the QNX Neutrino OS supplied by QNX Software Systems, a subsidiary of BlackBerry. So, the article asks, is the hack a vulnerability of QNX technology?
We can state unequivocally that it is not.
The QNX Neutrino OS has been deployed in more than 60 million vehicles and field-proven in a host of mission-critical and safety-critical applications. In any computing architecture, the OS can play a key role in enabling reliability and security. An infotainment system such as the one in question has several software components in addition to an OS. The security of such a system is only as strong as its weakest link. In this particular case, the vulnerability came about through certain architecture and software components that are unrelated to the QNX Neutrino OS.
Further, the two security researchers who uncovered the vulnerability have clearly demonstrated that the weakness exploited is not due to the QNX Neutrino OS.
Finally, and perhaps most important, the automaker, the infotainment system supplier and the cellular carrier that connects these vehicles to the Internet have already implemented measures to block unauthorized entry to affected systems.
Connected cars are the future, and BlackBerry is proud to play a leading role in this exciting field through QNX and BlackBerry IoT.