BlackBerry can't catch a break: Now it's fending off Jeep hacking claims
QNX Neutrino OS 'unrelated' to vulnerability, say Canucks
BlackBerry has denied rumors that its software might have played a role in the infamous "Jeep hack," saying it's "unequivocally" not true.
In July, security researchers revealed that certain cars built by Fiat Chrysler were vulnerable to potentially life-threatening remote attacks, thanks to a flaw in the automaker's uConnect in-vehicle infotainment system.
The underlying operating system that powers uConnect is QNX Neutrino, a real-time OS that's made by a BlackBerry subsidiary. On Friday, investment website Seeking Alpha published an editorial questioning whether some kind of flaw in QNX might be implicated in the Jeep hack.
"Indeed, QNX is the operating system at the heart of the uConnect system and is – or should be –responsible for the security of the system," the authors wrote, "just as the Microsoft Windows operating system is responsible for the security of Windows based computers, OS X is responsible for the security of Apple computers, iOS is responsible for the security of iPhones, and Android is responsible for the security of Android powered phones."
BlackBerry shot back in a blog post of its own on Monday, saying QNX isn't to blame for the hack. "We can state unequivocally that it is not," the company wrote, in a post tagged "BlackBerry Fact Check."
The post went on to state that whoever is ultimately found responsible for the flaws, they lay elsewhere than in its OS.
"The security of such a system is only as strong as the weakest link," it said. "In this particular case, the vulnerability came about through certain architecture and software components that are unrelated to the QNX Neutrino OS."
The so-called Jeep hack is an ongoing source of woes for Fiat Chrysler. It's already become the subject of a class-action lawsuit, which is the kind of bad news that struggling BlackBerry – which has not been named in the complaint – surely doesn't want its brand associated with.
Computer security researchers were able to access the engine computers of uConnect-fitted Chryslers via the public internet and IP port 6667 without any authentication. This allowed the experts to wirelessly, from miles away, force a moving vehicle to suddenly brake.
Once a leader in smartphones, BlackBerry has been all but pushed out of the mobile device market by iOS and Android devices. It's still limping along, but software licensing, rather than phone sales, makes up an ever-increasing portion of its revenue – and that includes QNX.
As BlackBerry points out, QNX has shipped in more than 60 million vehicles, and car infotainment systems are a growth market. But Apple, Google, Microsoft, and others are all waiting in the wings with platforms of their own, and BlackBerry can scarce afford to have QNX's security cast in doubt. Its smartphone operating system, BlackBerry OS 10, is also powered by QNX.
"Connected cars are the future, and BlackBerry is proud to play a leading role in this exciting field through QNX and BlackBerry IoT," the Canadian firm said, adding that Fiat Chrysler and its infotainment software supplier have already taken measures to block potential exploits of their systems. ®