Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch

A cyberattack on a U.S. car breathalyzer company has left drivers across the United States reportedly stranded and unable to start their vehicles.

We need to legally mandate a single physical switch that disables all vehicle radios, and a second that factory resets everything but the odometer and vehicle fault logs / black box.
That's an extremely attractive attack surface. How about we just have keys to turn on the engine?
Well, in this case because drunks keep murdering people.
If you're drink driving you are not mature enough to drive and therefore you should lose your license. Simple.
Irrelevant to this issue - the devices didn’t get bricked over the air, but rather they have a “calibration” time lock which must be reset at a service center and the service centers are ransomwared.

I once helped someone get their car home after one of these was installed. Their license would not be returned until it was installed, but they weren't allowed to leave it on the lot. Someone else drove it there, and then I got to experience the breathalyzer to drive it home.

The interesting part is how bad the interlock was. First off, it can apparently randomly not work, so you get three tries. Worse yet, per the official documentation, apparently they can misdetect an ignition while driving at speed, and when that happens you have to pull over and blow within thirty seconds. Now, this is not something you can do while driving, as you have to look at the camera while you do it, on top of needing to have a deep breath. There's no motivation to improve this, because the customer is the legal system, not the person who has to have it installed.

Isn’t there a proposed law to install these into every single new car?
Not really the same. There are proposals to require OEMs to install driver monitoring, but it’s usually IR camera based rather than blow in a tube fuel cell based. These systems are probably going to be a mess but the technology isn’t really comparable to DUI interlock devices and the unreliability of those systems is orthogonal.
No, the 2021 infrastructure bill required automakers to install passive technology (passive meaning not requiring any specific actions from the driver) to prevent drunk driving by some future date. However, such technology doesn't really exist yet.
Nothing specific yet, but the legal groundwork has been laid both in the US and in the EU. Starting in July, all new cars sold in the EU will need to be able to fit after-market alcohol interlocks. In the US, interlocks are already mandatory for convicted DUIers in most states, but new cars will also have to come with factory-installed drunk driving prevention technology in the coming years. We just don't know how far that mandate will go eventually.
Old cars sound better and better every year now.
Having to blow while you're already driving is supposed to be a feature. It's to dissuade people from successfully turning on their car, immediately drinking, and then driving.
The fragility of putting ignition control behind a third party cloud service was always going to end like this. Someone had to find out the hard way.
We need a software building code. This wouldn't be allowed to happen with non-software. The fact that anyone can build any product with software, make it work terribly, and when it fails impacts the lives of thousands (if not millions), needs to be stopped. We don't allow this kind of behavior with the electrical or building code. Hell, we don't even allow mattresses to be sold without adding fire resistance. The software that is critical to people's lives needs mandatory minimum specifications, failure resistance, testing, and approval. It is unacceptable to strand 150,000 people for weeks because a software company was lazy (just like it was unacceptable to strand millions when CrowdStrike shit the bed). In addition to approvals, there should be fines to ensure there are consequences to not complying.
I have no idea why you'd been downvoted. Everything you said is common sense. I guess this is a case of "it's hard to get a man to understand something if his paycheck depends upon him not understanding it."
Good old "let's fire QA guys and give testing to everyone else". It never fails to entertain. "The happy path checks all green, let's deploy!" :)