Hacker News

Cyberattack on vehicle breathalyzer company leaves drivers stranded in the US

126 points by speckx today at 1:13 PM | 158 comments

Comments

syntheticnature today at 2:32 PM

I once helped someone get their car home after one of these was installed. Their license would not be returned until it was installed, but they weren't allowed to leave it on the lot. Someone else drove it there, and then I got to experience the breathalyzer to drive it home.

The interesting part is how bad the interlock was. First off, it can apparently randomly not work, so you get three tries. Worse yet, per the official documentation, apparently they can misdetect an ignition while driving at speed, and when that happens you have to pull over and blow within thirty seconds. Now, this is not something you can do while driving, as you have to look at the camera while you do it, on top of needing to have a deep breath. There's no motivation to improve this, because the customer is the legal system, not the person who has to have it installed.

0xbadcafebee today at 3:06 PM

We need a software building code. This wouldn't be allowed to happen with non-software. The fact that anyone can build any product with software, make it work terribly, and when it fails impacts the lives of thousands (if not millions), needs to be stopped. We don't allow this kind of behavior with the electrical or building code. Hell, we don't even allow mattresses to be sold without adding fire resistance. The software that is critical to people's lives needs mandatory minimum specifications, failure resistance, testing, and approval. It is unacceptable to strand 150,000 people for weeks because a software company was lazy (just like it was unacceptable to strand millions when CrowdStrike shit the bed). In addition to approvals, there should be fines to ensure there are consequences to not complying.

ashwinnair99 today at 2:44 PM

The fragility of putting ignition control behind a third-party cloud service was always going to end like this. Someone had to find out the hard way.

ghastmaster today at 5:55 PM

I am an Intoxalock user right now. My device was due for calibration three days after the onset of this breach. I called the mechanic that does the calibration and they said they could not access the Intoxalock system. My device said I was overdue. I still drove it for 2 days. Intoxalock did a partial fix and the service center was able to extend the period for my calibration for another 10 days, but still couldn't calibrate it. I need to schedule that calibration now. It was a minor inconvenience for me.

hedora today at 2:27 PM

We need to legally mandate a single physical switch that disables all vehicle radios, and a second that factory resets everything but the odometer and vehicle fault logs / black box.

Yizahi today at 3:50 PM

Good old "let's fire QA guys and give testing to everyone else". It never fails to entertain. "The happy path checks all green, let's deploy!" :)

chasil today at 5:42 PM

Is there any indication that the source of the attack was Iran?

anonymousiam today at 5:35 PM

Imagine if an attack like this could disable ALL vehicles, and not just the ones fit with the breathalyzer socket. It could happen soon:

https://carcoachreports.substack.com/p/government-kill-switc...

stevemadere today at 6:51 PM

Given Pete Hegseth’s history, this could be a huge national security issue.

mvdtnz today at 5:53 PM

If you search for Intoxalock on r/DUI you'll see this company has been notorious for a long time. They are regarded as the worst interlock provider by a very wide margin for various issues around reliability and service quality.

Arubis today at 6:04 PM

Now let's add an externally-controlled backdoor to everything else, too, and that'll work out great.

bri3d today at 2:46 PM

The issue here is not an OTA thing, for what it’s worth. That is to say, it’s not that these devices phoned home directly and a cloud server is down; rather, these devices require periodic “calibration” (due to a combination of regulation, legitimate technical need, and grift) at a service center and the service centers are out of commission, presumably due to ransomware.

nekusar today at 1:56 PM

I guarantee that basically nothing will come out of this.

People don't willingly put these alcohol breathalyzer interlocks on their vehicles. They're 100% court mandated, as a punishment for, usually, drunk driving.

This country is so hell-bent on making criminals' lives worse and worse as a never-ending punishment. So what, 150k people can't use their cars. 'They did something wrong and deserve it', is the usual motto in the USA.

Now, let's have a discussion about software liability....

n1tro_lab today at 1:25 PM

[dead]

jeffbee today at 2:49 PM

The issue here has nothing to do with the device and everything to do with the fact that car-brained America is so cowardly and broken that they will do some Rube Goldberg stunt before they even consider taking cars away from alcoholics.

mrlonglong today at 3:35 PM

Why do people drink drive?
