A day after it was revealed through WikiLeaks that the CIA has allegedly explored hacking vehicle computer-control systems, including BlackBerry’s QNX OS, the company said its software is safe.
“We are not currently aware of any attacks or exploits against BlackBerry products or services, including QNX. Still, the news is a bit frightening, now that we are in the semi-autonomous driving age and evolving towards fully self-driving cars,” Marty Beard, BlackBerry’s chief operating officer stated in a blog.
BlackBerry claims its QNX software is in 60 million cars represented by more than 240 car models. The company has its sights set on becoming the leading end-to-end software platform provider in connected cars.
Today, QNX software can not only be found in a vehicle’s in-vehicle infotainment system, but also in support of vehicle telematics, instrument clusters and advanced driver assistance systems (ADAS).
WikiLeaks released more than 8,700 documents it claimed came from the CIA’s Center for Cyber Intelligence. Some of the documents indicated the intelligence agency had looked at exploiting security vulnerabilities in smartphones, smart TVs and vehicle computer systems. The aim is allegedly to be able to activate the devices’ microphones and cameras to be able to spy on enemies.
“As of October 2014, the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks,” the WikiLeaks post stated. “The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.”
David Kleidemacher, BlackBerry’s chief security officer, said what keeps him up at night is that vehicles are such a rich target of opportunity for nation states and terrorists.
“If you’re a terrorist and you’re trying to do a lot of damage, would you rather hijack and fly airplane into the Twin Towers… or would you rather find a way to hijack 10 million cars at once because there’s a common Internet connection between them? Wouldn’t that be more attractive to a terrorist?” Kleidemacher said. “The fact that people don’t think that’s a real threat is deeply disturbing to me.”
QNX, however, doesn’t have the same vulnerabilities as consumer, or even enterprise-class, OSes, because as a system critical to vehicle safety, it has been designed without root vulnerabilities, according to Kleidemacher.
QNX, he said, is based on a microkernel architecture, which compartmentalizes functions such as the networking stack, the file system, software drivers, and memory.
In a standard OS, built using a monolithic kernel architecture, if an attacker gains root access they then have free run of the entire system. That’s why so many cyberattacks ultimately boil down to fooling the OS into thinking the attacker is a root user.
“There haven’t been any vulnerabilities in either the current or previous versions of QNX,” Kleidemacher said, adding that QNX is also the only automotive software that meets ISO 26262 — the highest automotive safety integrity level possible.
Following the documents by WikiLeaks, security experts said they weren’t surprised the CIA has been looking into vulnerabilities, but they were dismayed that the agency has been hoarding them.
“The agencies are supposed to reveal vulnerabilities so companies can fix them and keep Americans safe. This is an example of a huge agency not following those rules and leaving people exposed to vulnerabilities so they can exploit them,” said Kit Walsh, a staff attorney with the privacy group Electronic Frontier Foundation (EFF).
Cryptographer and computer security specialist Bruce Schneier said what’s needed is government regulation.
“This is a huge problem,” Schneier said. “It’s things that affect the world in a direct physical manner and will cause harm to property and life.”
Modern vehicles have anywhere from 60 to 100 microprocessors or electronic control units (ECUs) and over 100 million lines of software code. And, increasingly, vehicles are being connected to the Internet via Wi-Fi, leaving them open to remote hacking.
Automakers are also exploring ways to connect cars to each other and the roadway infrastructure around them to enable autonomous features, such as automated navigation, being able to detect roadway obstructions and alleviate intersection backups by the cars ‘reading’ when traffic lights are changing.
Kleidermacher agreed there is a lack of regulatory oversight with regard to automotive software safety, and that needs to be corrected.
Last year, President Barack Obama created the Commission on Enhancing National Cybersecurity with the task of speaking to industry experts to develop ways to enhance cybersecurity.
BlackBerry was one of 100 organizations interviewed for ideas on how to buttress security.
The biggest gap facing high-risk, critical wireless infrastructures, such as healthcare devices such as pacemakers, Kleidermacher said, is that consumers don’t have proof that the systems are secure.
Last August, for example, whitehat hackers proved St. Jude Medical Inc.’s cardiac implants, such as such as pacemakers and defibrillators, were vulnerable to potentially life-threatening cyber attacks. St. Jude initially disputed its implants were hacked, but independent security experts later proved they were vulnerable.
The reason consumers don’t know whether an internet-connected device is vulnerable to hacking or not is there’s no federal mandate requiring independent certification of those devices, Kleidermacher said.
“If you look at defense systems. If you look at financial systems, like smart cards, there’s well-established programs for evaluating security,” Kleidermacher said. “But in automotive there isn’t such a standard.”
“That’s the biggest problem right now,” Kleidermacher said, “is you and I have no clue whether or not these systems are secure.”