#BBFactCheck: QNX Neutrino OS was NOT hacked!

Jeep Cherokee UConnect 8.4 Screenshot (courtesy FCA)
Jeep Cherokee UConnect 8.4 Screenshot (courtesy FCA)

Back at the end of July, Wired.com posted an article that reported how hackers had managed to hack into the entertainment system of a Jeep Cherokee, taking control of the radio, windshield wipers and digital display – in fact, the hackers demonstrated that they had control of the Jeep’s dashboard functions, steering, brakes and transmission. This worrying attack on the vehicle’s systems was mounted from a laptop that was NOT directly connected – in fact, it was 10 miles away!

As a direct result of the news of this hack, FCA (Fiat Chrysler Automobiles) issued a recall for 1.4 million vehicles that may be affected. A class action is also apparently underway, and the USA’s National Highway Traffic Safety Administration is also investigating and will be publishing  a report on its findings.

On August 7th, Seeking Alpha published an article with the long (and ever-so-slightly trollish) title “BlackBerry: The Class Action Lawsuit Resulting From The ‘Jeep Hack’ Could Negatively Impact QNX Sales“, which asks whether the hack resulted from a vulnerability in the QNX Neutrino OS (which the Jeep Cherokee’s entertainment system, UConnect, is based).

Today, BlackBerry issued a #BBFactCheck response to Seeking Alpha’s article (you can read it here). Although the article doesn’t give away much information on the hack, it does say that there is no such vulnerability in QNX Neutrino OS. The article explains:

the OS can play a key role in enabling reliability and security. An infotainment system such as the one in question has several software components in addition to an OS. The security of such a system is only as strong as the weakest link. In this particular case, the vulnerability came about through certain architecture and software components that are unrelated to the QNX Neutrino OS.

More importantly, the fact that Fiat Chrysler Automobiles, Harman International (who makes the UConnect infotainment system along with FCA) and Sprint (the mobile company whose network was used in the hack) have all implemented measures to prevent this kind of attack demonstrates that those three companies have admitted their liability.

If, like so many others, reading these articles from Wired.com and Seeking Alpha has you worried about the safety of the QNX Neutrino OS in your own vehicle (it has, after all, been installed in over 60,000,000 vehicles worldwide) – you can rest assured.

QNX has never been hacked.

BlackBerry has never been hacked.

Why else would both Apple (Apple CarPlay) and Google (Android Auto) use it to secure their systems?

Jon Hunnings

(Step-)father & husband. I code directly on my #BlackBerry devices, in between blogs! Contact me via Twitter: @BrizBerryDevs or via email: brizberrydevs@utbblogs.com