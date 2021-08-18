

BlackBerry QNX flaw left cars and medical devices vulnerable to attack

By M. Moon
Engadget
 7 days ago

A major vulnerability affecting older versions of BlackBerry's QNX operating system could allow hackers to gain control of a variety of products, including cars and medical devices. Apparently, some older versions of QNX have a BadAlloc vulnerability, which gives bad actors a way to attack systems remotely. The infiltrators could then execute a denial-of-service attack or execute arbitrary code. BlackBerry, the FDA and US Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories about the flaw. According to Politico, though, BlackBerry originally didn't want to go public about it and kept it a secret for months.

www.engadget.com

Related
Health | DOT med

Streamlining the medical device recall process with UDIs

The U.S. has averaged more than 2,900 medical device recalls annually since 2014 and that number does not appear to be going down. In 2020, only 18% of all medical device recalls included the Unique Device Identifier (UDI) and only 24% of those flagged as implant recalls. The overarching intent...
Cell Phones | pymnts.com

Car IQ Partners With BlackBerry On Autonomous Connected Car Payments

Drivers will soon be able to leave their wallets in the back seat, as Car IQ is hatching a plan with BlackBerry to create an autonomous and highly secure payment system for connected cars. The system will connect BlackBerry’s intelligent vehicle platform IVY with Car IQ’s artificial intelligence-based authentication technology...
Computers | ZDNet

Ransomware: Now attackers are exploiting Windows PrintNightmare vulnerabilities

Cyber criminals are exploiting Windows PrintNightmare vulnerabilities in their attempts to infect victims with ransomware – and the number of ransomware groups attempting to take advantage of unpatched networks is likely to grow. The remote code execution vulnerabilities (CVE-2021-34527 and CVE-2021-1675) in Windows Print Spooler – a service enabled by...
Computers | InvestorPlace

BlackBerry Stock Popped Despite QNX Security Scare

No matter what business it’s been in — smartphones, enterprise software, messaging or embedded automotive software — BlackBerry Ltd. (NYSE:BB) has worked hard to craft an identity around security. However, BB stock was in the headlines on Tuesday when it was announced that a security flaw had been found in its QNX software.
Software | Neowin

CISA: BadAlloc vulnerability can lead to remote code execution in BlackBerry products

Back in April, Microsoft highlighted a collection of vulnerabilities called "BadAlloc" affecting Internet of Things (IoT) and Operational Technology (OT) devices. It stated that the memory vulnerabilities could be used to trigger remote code execution (RCE) across millions of devices in multiple sectors including healthcare, industrial, automotive, and enterprise. BlackBerry disclosed yesterday that many of its products are affected by a BadAlloc vulnerability and the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Agency (CISA) has now issued an advisory on the matter too.
Cell Phones | Carscoops

BlackBerry To Turn Cars Into Mobile Wallets That Pay For Fuel, Tolls, And More

BlackBerry will partner with a U.S. company to turn vehicles into so-called mobile ‘wallets.’ The software specialist and former cellphone giant has announced an agreement with California’s Car IQ that will tap into connected car payments. It is reported that the system will involve Car IQ’s financial software being linked with BlackBerry’s in-vehicle ‘edge’ computing that processes data at the site rather than transmitting it elsewhere for processing. The system will also provide access to various vehicle sensors.
Technology | siliconangle.com

BlackBerry QNX flaw prompts warnings from government authorities

A newly disclosed flaw in software from BlackBerry Ltd. has resulted in warnings from U.S. government authorities due to its serious nature. The flaw, described as a BadAlloc vulnerability, has been found in BlackBerry’s QNX Real Time Operating System. QNX is a commercial Unix-like real-time operating system primarily used in embedded systems. The software can be found in medical devices, cars, factories and even the International Space Station.
Software | The Hacker News

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up...
Technology | inforisktoday.com

FireEye, CISA Warn of Critical IoT Device Vulnerability

FireEye researchers and the U.S. Cybersecurity and Infrastructure Security Agency are warning about a critical vulnerability that could allow an attacker to gain remote access to potentially millions of compromised IoT devices, such as connected security cameras. The flaw, tracked as CVE-2021-28372, is found in ThroughTek's Kalay protocol, which the...
Software | techxplore.com

Vulnerability found in IoT devices that use ThroughTek 'Kalay' network

A team of researchers at Mandiant has found a security vulnerability in IoT devices that use the ThroughTek "Kalay" network. Parent company Fireeye has published a blog account of the work done by the team that discovered the threat, which explains how users can protect themselves. ThroughTek has also posted a warning about the vulnerability on its website.
Software | Dark Reading

'BadAlloc' Vuln Affects Devices Using Older BlackBerry QNX Products

BlackBerry has disclosed its QNX Real Time Operating System (RTOS) is affected by BadAlloc vulnerability CVE-2021-22156, which if exploited could allow an attacker to perform a denial-of-service or execute malicious code on target devices, the Cybersecurity and Infrastructure Security Agency (CISA) says in an advisory. BadAlloc is a series of...
Computers | cepro.com

Newly Found IoT Vulnerability Could Impact up to 83M Devices

A newly discovered vulnerability that could affect 83 million Internet of Things (IoT) devices could allow an attacker to listen to live audio, watch real-time video data and compromise device credentials for further attacks or remotely control devices, according to a new report from cybersecurity firm FireEye. The IoT has...
Software | infosecurity-magazine.com

CISA Urges Organizations to Patch Critical BlackBerry QNX Bug

A vulnerability in BlackBerry’s QNX Real-Time Operating System (RTOS) could pose a serious security risk to critical infrastructure providers, the US government has warned. Microsoft first discovered the so-called “BadAlloc” flaws in April. These remote code execution (RCE) bugs cover over 25 CVEs and take the form of integer overflow or wraparound vulnerabilities, it said at the time.
Software | CSO

BlackBerry faces bad PR by failing to go public with BadAlloc vulnerability

Anyone who has ever traveled knows that bedbugs are the kiss of death for a hotel, and possibly the franchise, as no one likes to get bit. BlackBerry is hoping the analogy doesn’t transfer to the bugs found in its QNX embedded operating system. The company opted to quietly handle the vulnerability with its partners, apparently hoping the public wouldn’t get a whiff of the bad news.
Software | Redmondmag.com

Attackers Now Scanning for 'ProxyShell' Vulnerabilities in Exchange Server

Recent scanning for a "Critical" remote code execution vulnerability (CVE-2021-34473) in Exchange Server, dubbed "ProxyShell," has been detected by security researchers. Security researcher and ex-Microsoft employee Kevin Beaumont described seeing an uptick in ProxyShell scanning in this Aug. 9 Twitter post. Later, he stated that an "Exchange ProxyShell exploitation wave has started," in an Aug. 12 Twitter post.
Electronics | siliconangle.com

Critical vulnerability in security cameras opens the door to attackers

A critical vulnerability in internet-connected security cameras can allow an attacker to remotely watch live video and gain access to networks. Discovered and detailed today by researchers at FireEye Inc. Mandiant, the vulnerability relates to the Kalay network offered by ThroughTek Co. Ltd. Kalay provides a system for connecting smart devices with mobile applications and is offered to original equipment manufacturers as a software development kit.
