The Canadian company disclosed a vulnerability in software used in a wide range of products, including medical equipment.
The U.S. drug regulator and federal cybersecurity officials have said that software designed by BlackBerry Ltd. contains a cybersecurity vulnerability that could put the cars and medical equipment that use it at risk and expose highly sensitive systems to attackers.
On Tuesday the Canadian company published an advisory for a vulnerability in its QNX real-time operating system (QNX RTOS) that could allow an attacker to execute arbitrary code on an affected system or crash it, taking it offline (a denial of service).
The software is used by automakers such as Volkswagen, BMW and Ford for many key functions, including advanced driver assistance systems.
BlackBerry stated that the issue does not affect current or recent versions of QNX RTOS but does affect versions from 2012 and earlier, adding that so far no customers have indicated that they are affected.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said the software is used in a wide range of products, and that compromising it "may lead to malicious actors controlling highly sensitive systems and increase the risk to critical national functions."
CISA, which is part of the Department of Homeland Security, and the company both said they were not aware of any active exploitation of the vulnerability.
The U.S. Food and Drug Administration said it was not aware of any adverse events, even as medical device manufacturers assess which of their systems may be affected.
The company also stated that it has notified potentially affected customers and has provided a software patch that fixes the issue.
Politico reported, citing two sources familiar with negotiations between the company and federal cybersecurity officials, including a government employee, that BlackBerry initially denied that the vulnerability affected its products and later resisted announcing it publicly.