Digital license plates, which are already approved in states like California, Arizona, and Michigan, are revolutionizing vehicle identification. Modern benefits, such as customized displays and stolen vehicle alerts, are made available with these plates, although traditional metal counterparts cannot match them.
Recently, some shocking security revelations brought forth disturbing vulnerabilities that could potentially be exploited.
Hacking Digital License Plates is a Thing Now
IOActive Security Researcher Josep Rodriguez told WIRED that he uncovered the critical flaw in Reviver's digital license plates, the leading U.S. provider.
By making some physical tampering of the plates, Rodriguez was able to "jailbreak" their firmware. Thus, the users can change the displayed number on the plate or even spoof another identity to some other vehicle, an incident which may raise concerns in regards to traffic enforcement evasion as well as toll fraud.
Rodriguez demonstrated how taking the plate away and putting on a cable, loading with customized firmware will allow Bluetooth commands to modify the display of the plate instantaneously.
Hacking this way disables the enforcement systems, including cameras speed monitors, and toll booths, and, in the process can unfairly victimize innocent drivers due to fraudulent traffic ticket assignments.
Jailbroken License Plates Go Beyond GPS Tracking
Besides evading traffic tickets, jailbroken plates could utilize built-in GPS capabilities for free without the $29.99 monthly subscription from Reviver. Also, hackers could hack the plates of unsuspecting motorists to alter them, monitor vehicles, or alter their numbers. This further enhances privacy and security concerns.
A Defect Difficult to Repair
The vulnerability is from flaws at the hardware level in Reviver's chips, which cannot be corrected through simple software updates.
Rodriguez says that the solution for fixing the problem would have been to replace the entire hardware, which is practically unfeasible for the 65,000 plates sold.
While Reviver asserts that the hacking process requires "specialized tools" and great expertise, Rodriguez counters this argument by stating that once the methodology is reverse-engineered, it is about as easy to execute as jailbreaking an iPhone.
If the jailbreak tool became leaked online, widespread abuse would be made.
Defensive Measures: What's Being Done?
Reviver has agreed to re-engineer its plates so that they contain more secure chips and explicitly remind customers that it is an offense to tamper with a license plate. The company also points to the protections in place, for example, owner alerts when their plate has been taken. Still, according to Rodriguez, those precautions can be circumvented.
The Larger Context: Toward Regulation
This isn't the first time Reviver's system has faced scrutiny. In 2022, another security researcher exploited vulnerabilities in the company's web infrastructure to manipulate plates remotely. While those issues were quickly patched, hardware flaws remain a persistent concern.
More and more states are debating on digital license plates as the future and it's when experts like Rodriguez and Sam Curry call regulators and lawmen to address this kind of vulnerability. Chaos can prevail if their strength about license plate security is compromised with their sole reliance.
Future Digital License Plates Need to Undergo Security Improvement
Digital license plates might be the modern standard for license players. This is the period where automotive innovation is boundless, but their potential for abuse raises questions about readiness and regulation. Ensuring the systems are secure enough to become increasingly popular is of the utmost importance.
As for Curry, people will always find a way to exploit the new techs. All the industry needs to do is respond and understand that it's the reality we're living in.
