Three weeks ago, 1st of April, taxi drivers of Taxi Göteborg started to report errors in their alcolocks of their cars. Later, it was realized that all alcolocks of the model AL-100 from Dignita were being erroneous. Dignita is a Swedish tech company developing safety-promoting products and services for traffic and workplaces. As their alcolocks controled whether the vehicles would start or not, and the AL-100 was installed in various vehicle fleets used for different transportation services, it affected quite many sections. For example, busses to public schools, taxi travels in general and other transportation services within healthcare and home care services, etc. Another group also affected were people who have been convicted of drunk driving, and consequently have had this type of alcolock installed in their cars. Dignita also delivers alcolocks for the Finnish and Norweigian market, so a lot of vehicles were standing still this first day of April in the Northern countries. In Sweden:

Västtrafik, responsible for public transport in the Västra Götaland region, with over 444 000 customers every day were severely affected.

For the approximately 80 cars used in Kungsbacka municipal’s home care services, the AL-100 prevented them to operate and service personal begun to uninstall the alcolocks from the vehicles.

In the municipal of Skellefteå, the municipal’s property management personnel were told to use their own personal cars.

Anders Eriksson, CEO at Dignita Systems AB, said on April 1st to Sweden’s Radio Ekot that the attack was either some kind of cyberattack, or at least a date fraud. Later that day, Dignita solved the problem with a temporary solution resetting each unit’s date temporarily to before April 1, 2021. However, users were not able to perform this date-resetting on their own, so affected units from the affected countries had to be handed over to an approved service technician for repair.

Today, Dignita has a software update for the AL-100 which will restore the alcolocks to work as before. However, the update must be performed by an authorised service partner of Dignita and takes about 15 minutes to complete.

Whether this was a cyberattack or not, it indubitably had a vital effect on the social infrastructure as it disrupted and disabled some large vehicle fleets for transportation services. More than three weeks has passed now, and hopefully Dignita will be transparent with the root cause of the malfunctioning AL-100 to mitigate future similar bugs or attacks within the automotive sector. The attention of the incident is still quite low within the global cybersecurity community, depending on the outcome of Dignita’s investigation, that might change.

Written by Joakim Rosell.