BlackBerry Denies QNX Was To Blame In Jeep Cherokee Hack

← Back to Stories (view on slashdot.org)

BlackBerry Denies QNX Was To Blame In Jeep Cherokee Hack

Posted by timothy on Tuesday August 11, 2015 @02:19AM from the was-the-other-guy dept.

itwbennett writes: Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes. The more than 1.4 million vehicles being recalled all run the QNX Neutrino OS, which was supplied by BlackBerry subsidiary QNX Software Systems. But the flaw being exploited was not within the OS itself, BlackBerry said Monday in its blog.

6 of 108 comments (clear)

Min score:

Reason:

Sort:

Blackberry not compatible with anything by cgfsd · 2015-08-11 02:26 · Score: 4, Funny

Having a Blackberry for work, I would agree with Blackberry as QNX not being the problem. My Blackberry is not compatible with anything and doesn't run anything, so I would find it hard that someone could write an exploit and actually get it to run on a Blackberry OS.
What's the story? We already know it's not the OS. by xxxJonBoyxxx · 2015-08-11 02:28 · Score: 5, Informative

It's pretty clear that Blackberry's right about the OS here. From TFA:
"The researchers themselves did not target QNX specifically, but rather the connectivity software that runs on top of QNX, called uConnect which, using cellular connections, offers Internet access, navigation, voice command capabilities and other features to drivers."
Circumnavigate? by JustAnotherOldGuy · 2015-08-11 02:30 · Score: 4, Informative

Circumnavigate?
Umm, no. That is not how that word is used. I think they meant "circumvent".

--
Just cruising through this digital world at 33 1/3 rpm...
Old guy story by H0p313ss · 2015-08-11 02:43 · Score: 4, Interesting

Amusingly, in while taking first year university courses in 1993, I placed second in a programming competition that was sponsored by OTI (now IBM) and QNX (now Blackberry).
First prize was a licensed copy of QNX, second prize was a 2400 baud modem. I think I got a better deal with the modem.

--
XML is a known as a key material required to create SMD: Software of Mass Destruction
Re:What's the story? We already know it's not the by TemporalBeing · 2015-08-11 02:48 · Score: 4, Informative

It's pretty clear that Blackberry's right about the OS here. From TFA:
"The researchers themselves did not target QNX specifically, but rather the connectivity software that runs on top of QNX, called uConnect which, using cellular connections, offers Internet access, navigation, voice command capabilities and other features to drivers."
Exactly. It's no help that everyone is connected on the CAN-bus with little in way of security there...

--
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
The issue is not technical by t0mek · 2015-08-11 03:36 · Score: 5, Insightful

Engineers who work on steering, brakes, transmission and other core systems in the car are much more experienced than those who code up an entertainment system. The core engineers cost more, use much stricter (therefore longer and more costly) processes and so on. It would be wasteful to throw all that experience, time and money into non-critical system that doesn't need it. Jeep, quite rightfully, did sensible thing there. But running all systems on shared core or bus was asking for trouble. And they got what they asked for.
Maybe next time they should try drive a pacemaker from an Android phone they also use to play games watch kitten videos, you know, to save the cost of the pacemaker's own microcontroller and battery. What can possibly go wrong?