You can find the current article at its original source at https://www.rt.com/usa/532388-blackberry-security-flaw-downplay-cisa-warning/
BlackBerry stayed quiet for months on software flaw that could let hackers cripple 200mn cars & hospital ventilators – reports

BlackBerry reportedly tried to cover up a critical software flaw that could allow hackers to target nearly 200 million cars and sensitive hospital devices such as ventilators – months after the vulnerability was spotted.

On Tuesday, the Canadian tech firm finally issued an alert that widely used versions of one of its premier products – the QNX real-time operating system, long established in embedded and safety-critical devices – were affected by the vulnerability class dubbed ‘BadAlloc’: a family of integer-overflow bugs in memory-allocation routines, where an unchecked size calculation wraps around, the allocation comes back far too small, and the resulting heap corruption can cause a crash or code execution. Other tech companies had gone public with their own warnings about the issue in May.
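The bug class behind the name, as an added illustration that is not code from the article, from BlackBerry or from QNX: BadAlloc describes allocators that multiply an element count by an element size (or add a header to a requested size) without checking whether the arithmetic wraps. The toy allocator below is hypothetical; it models the 32-bit size_t of a typical embedded target with uint32_t so the wraparound reproduces on a 64-bit host, and it shows the unchecked shape beside the checked one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not QNX or BlackBerry code): the BadAlloc pattern.
 * An allocator computes nmemb * size without checking for integer wraparound.
 * The product wraps to a small value, the allocation succeeds, and the caller
 * then writes nmemb elements into a buffer far too small for them.
 * uint32_t stands in for a 32-bit size_t so the wrap is reproducible here.
 */

/* Unchecked: the product is computed in 32-bit arithmetic and wraps silently. */
uint32_t alloc_bytes_unchecked(uint32_t nmemb, uint32_t size) {
    return nmemb * size;
}

/*
 * Checked: refuse when nmemb * size does not fit in 32 bits. The division
 * form is portable C; __builtin_mul_overflow() does the same on GCC/Clang.
 * Returns 1 and stores the byte count on success, 0 on overflow.
 */
int alloc_bytes_checked(uint32_t nmemb, uint32_t size, uint32_t *out) {
    if (size != 0 && nmemb > UINT32_MAX / size) {
        return 0;                      /* would wrap: reject */
    }
    *out = nmemb * size;
    return 1;
}

/* Toy calloc built on the unchecked arithmetic (the vulnerable shape).
 * *got receives the number of bytes actually reserved. */
void *toy_calloc_unchecked(uint32_t nmemb, uint32_t size, uint32_t *got) {
    uint32_t total = alloc_bytes_unchecked(nmemb, size);
    void *p = malloc(total == 0 ? 1 : total);
    if (p) memset(p, 0, total);
    *got = total;
    return p;
}

/* Toy calloc built on the checked arithmetic (the fixed shape).
 * Returns NULL and sets *got to 0 when the request would wrap. */
void *toy_calloc_checked(uint32_t nmemb, uint32_t size, uint32_t *got) {
    uint32_t total;
    if (!alloc_bytes_checked(nmemb, size, &total)) {
        *got = 0;
        return NULL;                   /* caller must handle the failure */
    }
    void *p = malloc(total == 0 ? 1 : total);
    if (p) memset(p, 0, total);
    *got = total;
    return p;
}

/* How many size-byte elements really fit in what the unchecked path reserved.
 * Anything less than nmemb means the first full-length write overflows the heap. */
uint32_t elements_that_fit(uint32_t nmemb, uint32_t size) {
    uint32_t got;
    void *p = toy_calloc_unchecked(nmemb, size, &got);
    free(p);
    return size ? got / size : 0;
}

int main(void) {
    /* Constructed input: 0x40000001 four-byte elements. The true byte count is
     * 0x100000004, which wraps to 4 in 32-bit arithmetic. */
    uint32_t nmemb = 0x40000001u, size = 4;
    uint32_t got;
    void *p = toy_calloc_unchecked(nmemb, size, &got);
    printf("unchecked: asked for %u elements, got room for %u\n",
           (unsigned)nmemb, (unsigned)(got / size));
    free(p);
    p = toy_calloc_checked(nmemb, size, &got);
    printf("checked:   %s\n", p ? "allocated" : "rejected (overflow detected)");
    free(p);
    return 0;
}
```

Any C99 compiler builds it (cc badalloc.c && ./a.out). The same wrap applies to the header-plus-size addition and alignment round-up that real allocators perform before calling the underlying heap, so a complete fix guards every arithmetic step on the request path, not just the multiplication.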
The same day, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) announced that the company’s QNX Real Time Operating System (RTOS) could be compromised by “malicious actor(s).”

Because of the “wide range of products” using the software, the alert warned that the loss of “highly sensitive systems” posed a “risk to the nation’s critical functions.”

The operating system is also embedded in train controls, factory automation systems, medical robots, hydroelectric plants and even the International Space Station’s “mission-critical command and data handling subsystem.” CISA urged “critical infrastructure organizations” to patch their products immediately.

Despite the ominous warning and the potential danger, however, both CISA and BlackBerry had apparently sat on the information for months while privately discussing how best to disclose it.

A Politico report cites two unnamed sources “familiar with [these] discussions” as claiming the company had first denied the problem existed and then “resisted making a public announcement.”

Even after CISA had confirmed its products were affected, the sources said, BlackBerry officials acknowledged the problem only after months of official prodding.

The company then told the agency it would “reach out privately” to its direct customers and warn them, rather than issue a public alert.

“Their initial thought was that they were going to do a private advisory,” a CISA employee told Politico, adding that BlackBerry “realized that there was more benefit to being public” over time.

The outlet obtained a CISA presentation showing that many BlackBerry customers would not learn of the potential danger unless informed by the company, the government or the equipment manufacturers that embedded the RTOS in their devices.

CISA apparently even noted that the US Defense Department was helping to find “acceptable timing” for BlackBerry’s announcement. The outlet noted, however, that the company agreed to issue a public statement only “a few weeks ago.”

In a statement to Politico, BlackBerry representatives did not deny that the company initially resisted a public announcement, but maintained that it had “actively communicated to those customers regarding this issue.”

Asked whether the company originally believed QNX was not affected by the flaw, it said an initial probe had “identified several versions that were affected,” but that the “list of impacted software was incomplete.”

Meanwhile, CISA cyber division chief Eric Goldstein told the outlet that the agency was “not aware of any active exploitation” of the issue but declined to address CISA’s conversations with BlackBerry.

CISA reportedly expects to brief foreign governments on the risks.