A cybersecurity vulnerability in software designed by Blackberry Ltd could put certain vehicles and medical equipment that use it at risk of attacks from hackers.
The Canadian company disclosed that its QNX Real-Time Operating System has a flaw that could allow hackers to execute an arbitrary code or flood a server with traffic to make it crash and become paralyzed, report Reuters.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that if the software becomes compromised, it “could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the nation’s critical functions.”
Read Also: BlackBerry To Turn Cars Into Mobile Wallets That Pay For Fuel, Tolls, And More
Fortunately, the agency said that it is not yet aware of any cases of hackers actively exploiting the security vulnerability. The U.S. Food and Drug Administration also said that it was unaware of any hacks affecting medical equipment, though equipment manufacturers are still in the process of assessing the software flaw’s implications.
The software is used by automakers such as Ford, Volkswagen, and BMW for many functions, including Advanced Driver Assistance Systems. The flaw does not affect the current or recent versions of the software, but it does include versions dating from 2012 and earlier.
Politico reports that Blackberry first denied the existence of the software flaw, dubbed BadAlloc, and resisted making a public announcement.
Blackberry said that, at this time, it is not aware of any customers that have been impacted by the cybersecurity flaw. It has notified customers that could be impacted, though, and has made software patches available to resolve the matter.