DUI defendants are asking courts to mandate source code reviews on the software that runs breathalyzer devices to determine if bugs or malware is present. While it’s easy to see how this tactic would be employed in attempts to get charges reduced or dropped, the more serious issue could be the device failing to detect when a person is under the influence, thus sending them back on the road. Two independent reviews weigh in, according to an Ars Technica article.
The reviews differ in scope and offer different conclusions, but they both agree that the code falls below industry-standard best practices and that it contains bugs. The [Base One] report identifies 24 major defects and points to a wide range of troubling issues. The analysts discovered that the embedded software disables safeguard features built into the device's processor that are intended to detect and prevent the execution of invalid or corrupt instructions. The researchers contend that this circumvention can lead to unpredictable results in the event of fatal errors.
In his blog, security expert Bruce Schneier further notes:
Read More >