BlackBerry Denies QNX Was To Blame In Jeep Cherokee Hack

itwbennett writes: Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes. The more than 1.4 million vehicles being recalled all run the QNX Neutrino OS, which was supplied by BlackBerry subsidiary QNX Software Systems. But the flaw being exploited was not within the OS itself, BlackBerry said Monday in its blog.

Blackberry not compatible with anything

[cgfsd]

Having a Blackberry for work, I would agree with Blackberry as QNX not being the problem. My Blackberry is not compatible with anything and doesn't run anything, so I would find it hard that someone could write an exploit and actually get it to run on a Blackberry OS.

Re:

[OdinOdin_]

That is because they didn't bake security into the windows platform from the start. Security is a process not a piece of software.

Re:

[JustAnotherOldGuy]

someone could write an exploit and actually get it to run on a Blackberry OS.

As a fellow ex-Blackberry owner, I agree- that was where the story became difficult to believe.

Re:Blackberry not compatible with anything

[MightyMartian]

Find another job soon. BB is going to go under in the next couple of years, and you won't be getting any money for shilling for them.

Re:Blackberry not compatible with anything

[Ed Tice]

Seriously? There are real BB fans out there. I'm one of them ( and not an AC ). I changed from a Blackberry Z/10 to a Nexus/6 when my company got bought and the acquiring organization wouldn't support the device. (Mobile Iron doesn't support Blackberry). The Nexus/6 is *way* better for things like going on Facebook, buying movie tickets, and every other non-productive activity. But when it came to getting stuff done, the Blackberry Hub was really the ultimate in UI design. BBRY isn't going to do well because most companies are going to BYOD. And if somebody has to fork out $500 of their own money for a device and has to choose between one that is great for personal use and marginal for business use and one that is great for business use and marginal for personal use, they will always choose the former. I also hear that BES is really hard to maintain. I have no first-hand experience. But I will certainly switch back to Blackberry if it becomes a possibility for me. If I want an Android device for recreation, I would rather use a tablet.

Re:

[KGIII]

Everyone who does not agree is a paid shill. It is what we do here. You are obviously a BB shill - a paid one at that. I am retired but I'd take money to shill for a product. Hell, I do not even have to like the product. I do not see any job postings for this job, though.

Re:

[Pubstar]

I worked as an intern at a moderately sized company. Once I figured out how to sync a BB phone with the Exchange server (which only had a 50% chance of working, 10 minutes between each try), the guy responsible for the BES said "Great, you know how to do this now. I get 4 months of not dealing with this anymore!". The BES is a total fucking nightmare to work with, and I was only doing very basic things with it. I feel sorry for the poor bastard that had to set up the BES and do the higher level admin wo

Re:

[Ed Tice]

The funny thing is that many companies running BES don't even need it. Pretty much any device out there (Blackberry, Android, iOS) will synchronize via ActiveSync without the need for any mobile device management software. Exchange servers supporting ActiveSync are available on the public internet and all you have to do is to point your device at it. In this scenario, I don't even see the expensive MDM products adding any value. There are *some* places where you can't get to ActiveSync over the internet

Re:

[Pubstar]

The thing is that if you want full control over the device (such as remote wipe), you need the BES to manage that part of the system. So yes, while you are able to sync the device with ActiveSync without a BES, you lose all management that the BES provides for BB phones.

With the android phone I had hooked up with ActiveSync, the permissions to remote wipe my phone were assigned when I had it sync with our Exchange server. AFAIK, those options are not assigned when working with BB phones over ActiveSync

Re:

[Ed Tice]

This works the same in Blackberry 10 the same as Android, iOS, and Windows Phone. The older (pre-QNX) Blackberries screen-scraped Outlook Web Access to get their mail if you didn't have BES. ActiveSync is probably good enough for 90% of organizations out there without any additional MDM software.

Re:

[Pubstar]

Yeah, but the place I was working at regularly handled information and data that fell under International Traffic in Arms Regulations (ITAR) regulations. We had people helping us doing some migrations off of Lotus Notes in India, but if a person was flagged as handling ITAR information, everything had to be handled in house.

That is also why they were very anal about everyone's device having the ability to be remote wiped should it be lost or stolen.

Re:

[Ed Tice]

If you are handling ITAR materials, you need to worry about more than just remote wipe. You're going to need a device that's "not compatible with anything." Doesn't matter if I can remote wipe the stolen device if all of the data has already leaked. This is where tools like MobileIron and BES come in. These solutions have both a server and a device component. (You don't notice the client portions on a BB10 since they are built in). They client apps attempt to keep the sensitive data isolated from other

Re:

[Ed Tice]

This is funny. But is also, unfortunately, -1 WRONG. QNX can run all Android applications and has for quite some time now. They aren't as nice as native apps, but they all run.

Re:

[Lunix Nutcase]

QNX can run all Android applications and has for quite some time now.

No, it can't run all Android applications and even BlackBerry doesn't claim that.

Re:

[Ed Tice]

Neither can Android run *all* Android applications! Go the Play store some day and it will show you which of your devices are compatible with the app. Sometimes none of your devices are compatible. Maybe a particular Blackberry device doesn't run as many Android apps as an Android device but it runs a lot of them. And Android devices don't run QNX apps. I would always dislike it when there wasn't a native Blackberry version of an application and I had to use the Android version. But even your rejoinde

Re:

[Lunix Nutcase]

And you don't even need to believe me. Scroll to the bottom of this page [blackberry.com] and read this disclaimer that exists on all BB 10 pages about Android apps:

Android app support and compatibility will vary by smartphone and/or software version.

And also notice how they only mention being able to install apps from Amazon's App Store not Google Play.

Re:

[Ed Tice]

Of course there is a disclaimer for things they don't control. But the fact is that Android apps run quite well. You can install the Amazon store using Blackberry World. You can side-load any Android apps that you want. There is also another disclaimer that comes up whenever you run an Android app with a reminder that they have an inferior security model. Don't take my word for it, go Google the disclaimer. I had a Z10 for years and ran any Android app that I wanted. They were a bit slow. But otherw

Re:

[narcc]

Google Play is a different issue entirely. You'll find countless Android devices that don't have access to Google Play either. It has nothing to do with compatibility, only with Google's artificial restrictions. Not that it matters, as you'll find little worth-while that isn't also available through other channels, like Amazon's App Store.

As for support, it looks really good to me. My wife is the big app user, and she has yet to find an Android app that didn't run, or even one that ran poorly compared t

Re:

[davester666]

QNX can't run shit. It's the underlying OS, basically a standalone embedded OS. It needs a completely separate layer above the OS to actually present a UI.

What's the story? We already know it's not the OS.

[xxxJonBoyxxx]

It's pretty clear that Blackberry's right about the OS here. From TFA:

"The researchers themselves did not target QNX specifically, but rather the connectivity software that runs on top of QNX, called uConnect which, using cellular connections, offers Internet access, navigation, voice command capabilities and other features to drivers."

Re:What's the story? We already know it's not the

[TemporalBeing]

It's pretty clear that Blackberry's right about the OS here. From TFA:

"The researchers themselves did not target QNX specifically, but rather the connectivity software that runs on top of QNX, called uConnect which, using cellular connections, offers Internet access, navigation, voice command capabilities and other features to drivers."

Exactly. It's no help that everyone is connected on the CAN-bus with little in way of security there...

Re:

[Carewolf]

Trolling. Somebody is pushing the story as either clickbait or fud.

Re:

[Anonymous Coward]

Yeah, I was at the Defcon talk on Saturday, or was it Friday, it all blends together. It was because the designers ran everything as root and used D-Bus on port 6667 with no authentication and was accessible via the internet. Also, none of the software was signed in any way, allowing them to replace the firmware as they pleased.

Re:

[LWATCDR]

Yep it is right up with Clinton Denies killing babies.

Re:

[Mr. Droopy Drawers]

OK, sounds like uConnect is a trusted application? Who wrote uConnect? Seems like they're the ones' with some 'splainin' to do'...

Re:

[Anonymous Coward]

OK, sounds like uConnect is a trusted application?

Not really. uConnect listened to a port on the built-in wifi hotspot and on the cellular internet connection, AND uConnect had no encryption, AND uConnect required NO authentication.

It's like running Tomcat as your webserver on linux, but leaving the Tomcat admin interface wide open to the public with no authentication.

It's certainly a big problem, but it has nothing to do with the underlying OS.

Who wrote uConnect?

Chrysler and/or Harmon Kardon.

Re:

[Mr. Droopy Drawers]

thanks for the tip. Didn't think of Harmon Kardon as being the vendor for this, uh, app. NTSA seems to call them out explicitly [reuters.com] in their complaint.

Circumnavigate?

[JustAnotherOldGuy]

Circumnavigate?

Umm, no. That is not how that word is used. I think they meant "circumvent".

Re:

[Trevelyan]

We need a catchy media name for this spate of car hacks that have inundated us this last week or so.

Of all the XYZ-gate names contrived for controversies since watergate, "Circumnavigate" is the first one I actually like.

The Circumnavigate Controversy of 2015, costing Chrysler Millions of USD and Tesla Thousands (in bug bounties)!!

Re:

[gstoddart]

But surely nobody expects the editors to do any, you know, editing.

That would be preposterous.

Re:

[KGIII]

That would help the three people that read the summary and maybe stop the one person from clicking through to the article. It's not a bug - it's a feature.

Re:

[GrumpySteen]

Congratulations on your mastery the dictionary. Perhaps you could put those skills to work teaching the submitter how to use the word properly.

The hackers didn't go around or bypass or circumnavigate the entertainment system. They hacked the entertainment system and used it to bypass other security measures. If they had not gone through the entertainment system, they would not have been able to compromise the vehicle's communication network.

Re:

[glenebob]

They clearly meant "circumcise".

The blame fall squarely on Jeep

[Anonymous Coward]

If you want to automate your car to the point where the driver cannot control the vehicle under the worst of circumstances, then you've made a choice that uConnect, QNX, or anyone else is to blame. If you're going to automate vehicles, then you're going to pay the process when it fails.

Re:

[Runaway1956]

Maybe - maybe not. When the "engineers" set this thing up, they probably established permissions. I'm not all that familiar with QNX, but I believe it actually has a security model. If the rules were written to permit this peripheral to do that, and another peripheral to do thus, then the OS can't be blamed for the results of those permissives rules.

Kinda like Android. Linux is a pretty robust, reliable, and secure operating system. So, the "engineers" put Linux on a phone, then wrote a bunch of silly-

Re:

[MountainLogic]

Please, this is an embedded OS, not computer (or pocket computer masquerading as a phone). There should not "apps" in an embedded OS. The entertainment system must be architected as a whole and the car must be architected as a whole. Given this is a life/safety critical device there must be a hard separation between the nice to have things like the radio and critical systems like the brakes. Especially if you have a system that has open ports, OTA upgrades or even are connected. The executives, engine

Re:

[stackOVFL]

This! Although at the time I said, well wasn't that easy, BMW was able to perform a FW download to my car while it was sitting in the parking lot at work. I didn't even know it was happening until I saw a news article on it. I'm sure BMW and the other car makers are trying to be careful (I hope that's true) and this all sounds neat until something like this comes along and them you go "what if...". Yes it scares the crap out of me too.

Re:

[KGIII]

BMW is excellent at this - so far. I can not fault them - yet. I will be displeased when they screw up. I am nearly certain that they will BUT it is BMW so I expect it to be repaired quickly and professionally when they do make an error. I am, obviously, a fan of BMW. In fact, my new (and first "bespoke") BMW is due in on Thursday. I ordered a very nice custom 640Li. I drove the test model at the dealer and nearly just bought that so that I could take it home and molest it in private. The dealer was not imp

Re:

[Rufty]

But it will get blamed for it. The Windows NT kernel has a very sophisticated security model, and look how well the rest of Windows builds on that.

Re:

[MightyYar]

QNX, at least when I used it 10 years ago, is a real-time unix-like OS. It runs basically no services by default... it is as bare-bones as it gets. We used it to control a vision system. You CAN load it up with as much extra gunk as you like - even X11. It is possible that the flaw was in a Blackberry-supplied component - but the OS itself is whatever you want to make it.

Old guy story

[H0p313ss]

Amusingly, in while taking first year university courses in 1993, I placed second in a programming competition that was sponsored by OTI (now IBM) and QNX (now Blackberry).

First prize was a licensed copy of QNX, second prize was a 2400 baud modem. I think I got a better deal with the modem.

Re:

[Xiaran]

I was a QNX2/4 programmer around that time in Australia. A fully licensed QNX OS was AUD1000 at that time. QNX was and still is the best operating system I have ever had the pelasure to write software and device drivers for.

Re:

[Xiaran]

Photon was indeed the GUI that shipped with QNX6/Neutrino. The pricing back then(and probably now) could be a little weird and confusing. A full OS(usually for development) could be really pricey. But the OS was extremely modular because it was embeddable in small control devices without user IO or even any kind of comms all the way up to server type things. So it was easy to jigsaw together a system that could remove unwanted components like the GUI, the TCP/IP stack and even the file system.

Re:

[Grishnakh]

Hopefully when Blackberry goes out of business, they'll open-source QNX.

Re:

[H0p313ss]

Being their only quality product, it will likely remain profitable and be spun off and continued as proprietary.

Bingo

Re:

[KGIII]

Wait, what? They are running QNX on airplanes? I realize an OS is just what is underneath it but, well, every time I think of QNX I think of nothing but cell phones. Is it really that stable?

Re:

[KGIII]

I looked into it and they are much older than I thought they were. Strange... I never even heard about them until the phones. It is interesting that they are a RTOS as well.

Re:

[Xiaran]

QNX is a true microkernel. Device drivers crashing will not bugger the kernel because they do not run at ring 0. It does this via an extremely fast and deterministic message passing system. Writing a device driver in QNX is like writing a normal app... you can fire it up in a debugger without anythign like SoftICE and run it... if it crashes you just restart it.

Back in the day the QNX people used to have a joke about them selling more licenses than MS every year. Which they did. QNX was in all sorts of S

Re:

[drkstr1]

Think "embedded systems" rather than "phones." It's not really intended as a smart phone OS, although you could easily build one using QNX as the base system.

Re:

[KGIII]

Yeah, I went on and did some searching shortly after posting. I learned that it is actually a mature UNIX OS and a RTOS. I was kind of shocked and a bit curious as to why I had not guessed it was UNIX based on the name - hindsight and all that, I suppose. I'd never heard of it until BB and never looked into it. So, to my mind, it was similar to saying airplanes were being run on Android or iOS.

Re:

[Grishnakh]

RTOSes don't all compete with each other. QNX, for instance, has preemptive multitasking, which is something you would not ever use in many "CAN'T FAIL" use cases such as avionics. For those, you usually use a very small, simple RTOS with cooperative multitasking and predefined time-slices for each task. Something with preemptive multitasking is not deterministic, so it's not allowed.

Re:

[Xiaran]

QNX may or may not be used in avionics but QNX has a strict priority-preemptive scheduler that fully supports hard real time applications.

Re:

[KGIII]

It looks like some of that stuff is still free. After reading some of the thread I decided to investigate and I came up with this:
http://www.qnx.com/download/ [qnx.com]

I have nothing better, or more productive, to do in my spare time so I may poke at it and see where I can go. I wonder if I can get it on a Pi? I have a Pi and can just use that if it works. I have, of course, no reason to have a Pi other than it looked like fun at the time. I have unboxed it once. I can not think of anything to do with it. Maybe I sho

Re:

[H0p313ss]

A 2400 in 1993 is a pretty lousy prize.

Wave from OTI!

True. But infinitely better than no modem at all, which is where I was as a broke student. I begged & borrowed hardware all through my schooling. My desktop in 1993 was a 286 with a monochrome screen and no hard drive.

And QNX? A quality product, but what's a student with a 286 going to do with that?

Re:

[mevets]

1993 qnx ran fine on a 286. The 32bit version was still a few years away at that point. 286 + 2M ram made for a decent development machine.

Re:

[H0p313ss]

Old guy? Are you really that big of a fucking idiot?

Well one of us is.

circumnavigate

[neo-mkrey]

I don't think that word means what you think it means.

Makes sense to me

[Anonymous Coward]

An operating system could be the most secure OS in the world but it won't matter for anything if a buggy insecure application is running on top of it.

Re:

[KGIII]

A very valid point. We are very guilty of that sort of thinking here. Whenever there is a bug or exploit on a common Linux distro then it is, "Linux is the kernel!" Yet if there is an exploit in IE then it is, "Windows has shitty security!" The actual Windows kernel is pretty damned secure and seldom has any security issues - when was the last time you heard of a bug or exploit that directly impacted explorer.exe?

An OS is only as secure as the person in front of it and the software that is installed on top

Architectural Problem

[Anonymous Coward]

Disclaimer: I work in electrical architecture in the automotive industry, and I have started focusing on security.

Perhaps I am biased by my profession, but the issue here is not that the U-Connect system had malware. The issue is that the U-Connect system could cause the vital control systems in the vehicle to do nasty things. That is an architectural problem of the first order.

Bugs will always exist, and some are bound to be security vulnerabilities. This high-order bit is not that the system had bugs.

Re:

[Pubstar]

Yeah, I'm kinda wondering why the entertainment system is hooked up to the car's vital systems. It makes zero sense to do that. Even if it was to display vehicle information, you could just use the OBD information from the car, as you can set that up for Output Only if you really wanted to.

The issue is not technical

[t0mek]

Engineers who work on steering, brakes, transmission and other core systems in the car are much more experienced than those who code up an entertainment system. The core engineers cost more, use much stricter (therefore longer and more costly) processes and so on. It would be wasteful to throw all that experience, time and money into non-critical system that doesn't need it. Jeep, quite rightfully, did sensible thing there. But running all systems on shared core or bus was asking for trouble. And they got what they asked for.

Maybe next time they should try drive a pacemaker from an Android phone they also use to play games watch kitten videos, you know, to save the cost of the pacemaker's own microcontroller and battery. What can possibly go wrong?

Re:

[t0mek]

I meant: *Software* engineers who work on steering...", Sorry for the confusion.

Re:

[t0mek]

An experienced engineer would give more quality within the same time but at higher budget because it costs more to hire an experienced one :) Either way, from engineering perspective, an in-car audio player of acceptable quality may crash occasionally but obviously it mustn't make the car crash with it. I'm pretty sure that someone in the engineering department pointed that out. But that's not engineers who usually pull the strings and make final decisions...

So, What system are they actually blaming?

[Mr. Droopy Drawers]

I've been following this -- I thought -- pretty closely. There's a smoking gun. To answer the recall, they've got to actually do something. What's the "fix"? Yank out the radio? Does that fix it?

Seems to me that a lot of this stuff is going to get worse before it gets better due to "smart" features such as collision avoidance, remote start, an the like. There will likely be a management device with privileged access to the CAN bus. What measures are being put into to place to protect that trust?

Take a look

[stackOVFL]

A interesting (and terrifying) article on this subject: http://money.cnn.com/2014/06/0... [cnn.com] It points out that in the 90's when the system was designed it wasn't a issue as it was a closed system. The CAN based system was never intended to be connected to anything. The ramifications of a wireless connected car with zero security should make everyone very concerned. It's just a matter of time before someone locks up your right front brake when you're doing 80 MPH. That the government is mandating this (RTA)

Re:

[Pubstar]

The government mandate on that is a load of bullshit. It means that everyone is going to have to buy new cars or do expensive retro-fits with the new gear. I prefer to be in control of my car. I've gotten out of some nasty situations by having good reaction times.

One thing that I have to wonder is if there is a sudden stop, do the systems take into account quality of the braking systems (new vs. old fluid, quality of master cylinder, brake pad/rotor wear) and suspension systems (blown shocks, aftermar

Security system of the Jeep Cherokee ..

[nickweller]

Did no one at QNX, BlackBerry or FCA ask the frickin question as to whether the Jeep was immune to wireless hacking.

Re:

[mevets]

QNX is a component; they donâ(TM)t make jeeps. The system most likely runs on an Ti/ARM; did anybody at Ti or ARM ask if the Jeep was immune to hacking?

The customer is the right person to ask.
Cust: Is this car immune to hacking?
Sales: yes.
Cust: Where, in the warrantee does it say that?
Sales: uhm...