This work concerns a dissection of QNX's proprietary, real-time operating system aimed at the embedded market. QNX is used in many sensitive and critical devices in different industry verticals and while some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations and secure random number generators. In this work, carried out as part of the master's thesis of the first author, we present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including QNX 6.6 and the brand new 64-bit QNX 7.0 released in March 2017. We uncover a variety of design issues and vulnerabilities which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem.
This scientific article is not for people with short attention spans.
BlackBerry QNX is an embedded operating system targeting applications in the automotive, general embedded, and medical markets. However, it is not your garden-variety embedded OS: QNX is a full-blown, UNIX-like, POSIX-compliant operating system with all of the features you would expect of a desktop or server-class OS. Compatibility with other systems means that, at least in theory, porting various open source projects to SDP 7 should be a relatively easy task. And so, while there is no official support in this release for a desktop environment, there is nothing precluding someone from building such a system. With that in mind, I set myself the task of building a BlackBerry QNX 7 desktop.
Written by QNX kernel developer Elad Lahav, so you know the information in this article is solid.
QNX Software Development Platform (SDP 7.0) includes the next generation 64-bit QNX Neutrino RTOS and the award-winning QNX Momentics Tool Suite. It provides a comprehensive, multi-level, policy-driven security model incorporating best-in-class security technologies from BlackBerry, which help guard against system malfunctions, malware and cyber security breaches. Building on existing certifications including ISO 26262, IEC 61508 and IEC 62304, QNX SDP 7.0 also brings a proven safety pedigree. Various features, including: microkernel architecture, file encryption, adaptive time partitioning, and high availability framework, make QNX SDP 7.0 the most advanced and secure embedded OS developed for use in all safety and mission critical applications.
That's an incredible amount of marketing speak for such a short paragraph, and sadly, the official press release isn't much better. QNX let go of what small enthusiast support among hobbyists it had almost a decade ago, and at this point it's so buzzworded up I barely recognise it anymore.
This was a long, long time ago.
A mutex is a common type of lock used to serialize concurrent access by multiple threads to shared resources. While support for POSIX mutexes in the QNX Neutrino Realtime OS dates back to the early days of the system, this area of the code has seen considerable changes in the last couple of years.
Ford today took the wraps off its next generation in-car technology package. Called Sync 3, it's expectedly faster, sleeker and much improved from the old one. It's also more intuitive, easier on the eyes and better integrates smartphone apps. But the biggest change is under the hood: Sync 3 is powered by QNX instead of Microsoft Auto.
The car has become yet another platform battleground.
QNX 6.6 has been released. There are quite a lot of changes, but - sady - I doubt many of us work with QNX itself. It's quite popular in the embedded world, and, of course forms the foundation for BB10 - which has not exactly been a stellar success. Anywho, there's a pretty big change in 6.6:
The new Screen Graphics Subsystem replaces the Photon microGUI, including PhAB, Phindows, and QNX Neutrino Advanced Graphics. Usually referred to simply as "Screen", the Screen Graphics Subsystem allows off-screen rendering and can composite graphics from different rendering technologies, including HTML5, Elektrobit GUIDE, Crank Storyboard, Qt, and native (e.g., OpenGL ES) code.
Photon has been such a core part of QNX' identity for me that it's kind of weird to see it go.
Connectivity to smartphones and other mobile devices is a key strength of QNX Software Systems’ platform for car infotainment systems, and many automakers and tier one automotive suppliers use our platform to implement smartphone/head-unit integration in their vehicles. We have a long-standing partnership with Apple to ensure high-quality connectivity with their devices, and this partnership extends to support for Apple CarPlay.
Yes, Apple CarPlay runs on QNX. Makes sense - I'm guessing (?) in-car software needs a lot of certification and testing, which QNX' in-car platforms all already have.
This is a quick demonstration of the QNX 1.4 megabyte floppy disk demo.
QNX is an advanced, compact, real-time operating system. This demo disk, released in 1999, fits the operating system, the "Photon MicroGUI", and the HTML 3 capable Voyager Web browser all on a single 1.4 meg disk!
So far no emulator or virtualizer I have tried will run this QNX demo 100%, so this is running on real hardware. The video is captured with a VGA capture device.
QNX is one of the most intriguing operating systems of all time. This demo disk is one of those things that, even today, blows my mind. Be sure to watch through the whole video, especially the part where extensions are downloaded and run from the web, all on a single 1.44 MB floppy.
One key asset BlackBerry owns is QNX, the real-time based OS it bought in 2010. QNX is microkernel based, versus the monolithic kernel used by many OS's like Linux. BlackBerry bases its tablet and phone OS's on QNX, which also remains a popular commercial OS for embedded systems.