
Companies across industries partner for various reasons, and their collaborations eventually yield mutual benefits. That’s the case with Ford, Volkswagen, and other auto manufacturers using BlackBerry software in their vehicles. BlackBerry establishes itself as a leader in safety-critical software, and the automakers leverage such technology.

But unfortunately, a major flaw in certain BlackBerry software installed in certain Ford, Volkswagen, and other automakers’ vehicles has left them vulnerable to nefarious hackers. And the results could be catastrophic.

The software in Ford, Volkswagen, and other models


BlackBerry QNX is a Unix-like operating system used in older-model Ford and Volkswagen vehicles for a broad range of critical systems. These include secure data gateways, advanced driver assistance systems (ADAS), and digital cockpits.

Additionally, BlackBerry QNX has shaped the future of the automotive industry. That’s a result of design wins with 23 of the top 25 EV automakers. The company also provides a secure, safe, and reliable software foundation for autonomous driving systems.

It’s also worth mentioning that most BlackBerry QNX software products used in vehicles’ electronic control units are licensed on a per-unit royalty basis.

A flaw leaves Ford, VW, and other automakers’ vehicles vulnerable to hackers

The BlackBerry software has a cybersecurity defect that might put medical equipment and vehicles that use it at risk by exposing susceptible systems to hackers. The warning came after the Canadian company disclosed a vulnerability in its QNX Real-Time Operating System (QNX RTOS).

This vulnerability can allow attackers to flood a server with traffic until it is paralyzed or crashes, or to execute arbitrary code. Various automakers, including Ford and Volkswagen, use the software in multiple critical functions, including ADAS.

BlackBerry says the problem affects only older versions of the QNX RTOS dating from 2012 and earlier. The company also indicates that those using this software’s current or recent versions should not worry about the vulnerability. Still, the flaw has left almost 2 million vehicles vulnerable to attackers. The defect gives hackers a way to attack these systems remotely.

As of this writing, there have been no reports of active exploitation of this flaw that can allow malicious actors to gain control of susceptible systems, but BlackBerry has since made software patches available to resolve the issue, Reuters reports.

Mitigation suggestions for the software defect

Today, cybersecurity is a concern for most businesses, including software companies. So such firms need to inform their customers when they experience a security flaw. BlackBerry made such a public disclosure on August 17 after a BadAlloc vulnerability affected the firm’s QNX RTOS. 

BadAlloc is a collection of vulnerabilities that affect several RTOSs and supporting libraries as well. As such, critical infrastructure entities and other companies using, developing, supporting, or maintaining QNX-based systems should patch affected products promptly, the Cybersecurity & Infrastructure Security Agency (CISA) suggests. Also, end-users of safety-critical systems should contact the manufacturer to ensure their product gets a patch.

CISA also advises manufacturers of products that use vulnerable versions of BlackBerry’s software to contact the company to obtain the patch they need.
