Intoxalock cyberattack blocks ignition interlock calibrations

A cyberattack on an Iowa-based ignition interlock provider left some drivers unable to start their own cars after routine calibrations became impossible. Ars Technica reports that Intoxalock’s backend systems went down on March 14, disrupting the monthly service process that keeps the devices from triggering lockouts.

Ignition interlocks are mandated in many US states after DUI convictions. Intoxalock’s device is leased—typically $70 to $120 per month, according to Ars—and requires drivers to blow into a handset to start the vehicle. Some configurations also log GPS location and capture a photo during tests. The system can also demand “random retests” while driving, with a short window to pull over and provide another breath sample.

The interruption was not just an inconvenience; it exposed how the product is designed around centralized availability. Calibration is a recurring requirement, and missing the calibration window can trigger a lockout. When Intoxalock’s databases and backend were unavailable, local service centers could not complete calibrations, pushing compliant users toward the same outcome as noncompliant ones.

Ars says Intoxalock attempted to manage the fallout by authorizing 10-day calibration extensions starting March 18. But those extensions did not work on every device version and did not apply in several states. The company also promised to cover user costs, including towing fees, when those costs were “a direct result” of the outage—an offer that still leaves drivers to prove causality after the fact.

The episode illustrates a broader pattern in connected control systems: once a device can immobilize a car, the weakest link is no longer the hardware in the dashboard but the infrastructure behind it. A design built for compliance enforcement—central tracking, recurring authorization, and time-based lockouts—also creates a single operational choke point. When that choke point fails, the cost lands on the person who needs the car to get to work, take children to school, or reach medical care.

Regulatory requirements can intensify the dependency. Interlocks are not optional consumer products; they are often a condition for keeping driving privileges. That makes the customer base unusually captive, and it makes resilience less of a competitive differentiator than it would be in a market where users can switch providers easily.

By March 22, Intoxalock said its systems had resumed and calibrations and installations were possible again. In online forums cited by Ars, users were discussing class-action lawsuits.

For ten days, a breath-test box and a downed database were enough to decide whether a car would start.