This work concerns a dissection of QNX’s proprietary, real-time operating system aimed at the embedded market. QNX is used in many sensitive and critical devices in different industry verticals and while some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations and secure random number generators. In this work, carried out as part of the master’s thesis of the first author, we present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including QNX 6.6 and the brand new 64-bit QNX 7.0 released in March 2017. We uncover a variety of design issues and vulnerabilities which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem.
This scientific article is not for people with short attention spans.
Not very good for people like m.. Oooooh shiny!
Use of unicode ligatures makes part of the text hard to search and it also breaks if the font doesn’t support ligatures: http://www.fileformat.info/info/unicode/char/fb01/index.htm
It is also unnecessary, the font engine will automatically replace fi with the fi-ligature if supported by the font.
I found that in Swedish hospitals, the respirator consoles run QNX so I asked the administrator for IT at a local hospital and he claimed that many devices run the system in Sweden due to its resilience to crashes.
I do not know if that is the sole reason, but it might be. Could anyone enlighten me why such a system would be chosen for such serious life and death applications?
I think some Ford models also run QNX.
judgen,
I have zero insider knowledge, but here are some possible reasons:
QNX is a microkernel, which has potential benefits that we’ve debated on osnews from time to time.
QNX is “real time”, which means the OS can make absolute guarantees in terms of scheduling critical events, whereas most conventional desktop & server operating systems are considered “best effort”. While most operating systems may work fine most of the time, they either don’t or can’t guarantee it 100% of the time, which makes them less suitable for life and death applications.
Other OS design aspects can come into play too. The notorious Linux “out of memory killer” is a prime example of a “feature” that causes corruption/crashes/data loss. For better or worse, Linux is designed to opportunistically allocate memory without guaranteeing memory to back the requests. Many Linux subsystems do not fail gracefully under low memory conditions, leading to instability. Linux relies on swap to mitigate the risk, but in any case Linux behavior isn’t well defined under these edge conditions, which makes it less fit for life-critical medical applications.
That said, it’s very common here to see hospitals/doctors running windows terminal monitors, so it may depend on the degree to which real time constraints become life critical.
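As an added illustration of the overcommit point in the comment above (example code written for this page, not taken from the thread, from QNX, or from the Linux sources): on an overcommitting kernel, `malloc()` can succeed without any physical memory behind the pointer, and the shortage only surfaces on the first write, which is where the OOM killer enters. The usual real-time discipline is to make that failure deterministic at startup: pin the process with `mlockall()`, then touch every heap and stack page it will need before entering the time-critical loop. The 8 MiB working set and 256 KiB stack reserve below are constructed figures; `pin_memory()` is expected to report failure when the process lacks `CAP_IPC_LOCK` or a sufficient `RLIMIT_MEMLOCK`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

/* Allocate a heap buffer and write to every page immediately. With overcommit,
 * malloc() may hand back address space the kernel has not backed yet; writing
 * one byte per page forces the commitment now, so a shortage shows up here as
 * a failure the program can act on instead of as a later OOM-killer SIGKILL.
 * Returns NULL only if malloc() itself refused the request. */
void *reserve_committed(size_t bytes)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;                 /* fallback if sysconf() fails */
    unsigned char *buf = malloc(bytes);
    if (buf == NULL) return NULL;
    for (size_t off = 0; off < bytes; off += (size_t)page)
        buf[off] = 0;                           /* one write per page commits it */
    if (bytes > 0) buf[bytes - 1] = 0;          /* last byte too, so the range is defined */
    return buf;
}

/* Touch a region of stack below the current frame so that deeper calls made
 * later do not take a page fault inside a deadline-bound path.
 * Returns the number of pages touched (0 for a zero-length request). */
size_t prefault_stack(size_t bytes)
{
    if (bytes == 0) return 0;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    volatile unsigned char pad[bytes];          /* C99 VLA living on the stack */
    size_t touched = 0;
    for (size_t off = 0; off < bytes; off += (size_t)page, touched++)
        pad[off] = 0;                           /* volatile keeps the stores */
    return touched;
}

/* Ask the kernel to keep all current and future pages resident (no swapping).
 * Needs CAP_IPC_LOCK or a large enough RLIMIT_MEMLOCK; returns 1 on success,
 * 0 otherwise, so the caller decides whether that is fatal for its use case. */
int pin_memory(void)
{
    return mlockall(MCL_CURRENT | MCL_FUTURE) == 0;
}

int main(void)
{
    const size_t heap_bytes = 8u << 20;         /* constructed 8 MiB working set */
    int pinned = pin_memory();
    unsigned char *work = reserve_committed(heap_bytes);
    if (work == NULL) {
        /* Deterministic refusal at startup, not an unpredictable kill at runtime. */
        fprintf(stderr, "cannot back %zu bytes of heap; refusing to start\n", heap_bytes);
        return 1;
    }
    size_t stack_pages = prefault_stack(256u << 10);   /* constructed 256 KiB reserve */
    printf("pinned: %s, heap committed: %zu bytes, stack pages prefaulted: %zu\n",
           pinned ? "yes" : "no (insufficient RLIMIT_MEMLOCK or privilege)",
           heap_bytes, stack_pages);
    free(work);
    return 0;
}
```

Run it as an unprivileged user and `pinned` will usually read "no"; that is the point of reporting the result instead of aborting, since a monitoring daemon and a respirator controller should make different decisions about it. The prefault loop is the part that matters on an overcommitting system: it converts "maybe killed later" into "fails now, before anything depends on us".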
It is used in cars because it is a real time operating system. So it can make hard guarantees that it will handle an event in a certain number of milliseconds. You need that for stuff like brakes and power steering.
It can also reboot part of itself without rebooting everything in case something goes wrong because it is micro-kernel. Again a thing you need when you are a computer responsible for people’s life or death.
All of that though also makes it a bit handicapped and more complicated to develop for.
Outside of an autonomous vehicle, the only part of a car where you will find QNX is in the infotainment system.
All the mechanical systems are managed by microcontrollers.
That is the strange thing to me. For infotainment you do not need an RTOS, as everybody can attest by just checking the personal infotainment system they carry around with them in their pocket. It normally runs a Linux or Darwin kernel, which is not RT but fine for that purpose.
I would guess it is a legacy thing, which is why they use QNX in cars.
No, it doesn’t “normally run a Linux or Darwin kernel”. QNX is used in a lot of infotainment systems in cars these days, so it’s actually becoming more rare to see it run a Linux or Darwin kernel.
I think ThomasFuhringer meant “normally run a Linux or Darwin kernel” for “the personal infotainment system they carry around with them in their pocket” – a.k.a. smartphone.
Every time I see QNX I think back at the old 1.4MB floppy distro they had. Very impressive for the day.
https://www.youtube.com/watch?v=K_VlI6IBEJ0
Brought back memories... but be sure to turn the horrendous background music off
At one time QNX was owned by Harman. It got into the auto market because of their products. It’s now owned by BlackBerry, so it’s in their products.
Some commercial realtime operating systems have already been certified for use by whatever regulatory agency your product may need approval from. If QNX has been certified for medical and auto use, then it becomes attractive to companies. It is painful to roll your own OS, then demonstrate compliance in front of a regulatory agency.