Security Researchers Say They Hacked California’s Digital Licence Plates, Because Duh

Security Researchers Say They Hacked California’s Digital Licence Plates, Because Duh

Only a few months after they officially launched, a security researcher and his friends have managed to pwn California’s new digital licence plates.

Yes, for the past several years, Cali has been on a weird mission to digitize its car tags. Advocates claims that this modernisation effort will offer a host of benefits to drivers, including “visual personalisation” and easy in-app registration renewal, but security experts have long warned that if you hook your plates up to the web, somebody will inevitably try to mess with them.

Now, only a few months after the California legislature passed a law to legalise digital plates, that’s exactly what has happened.

In a blog post published last week, bug hunter Sam Curry noted that he and his friends had recently managed to attain “full super administrative access” to all of the user accounts linked to Reviver, the digital contractor responsible for selling California’s modernised plates.

Reviver sells a thing called the RPlate, or a “smart plate.” Basically, it’s a battery-powered digital display that gets affixed to a vehicle’s rear and then projects the car’s information. The plate allows users to share different graphics and words on the plate, and also comes with an app that includes car monitoring and safety features. The going rate for one of these things, which are also available in Arizona and Michigan, is $US20 ($28) a month, according to Reviver’s website.

Unfortunately, Reviver’s pricy, hi-tech solution also comes with some hi-tech problems. Curry and his friends investigated the Reviver app and website, discovering a vulnerability that allowed them to gain full administrative access to “all user accounts and vehicles for all Reviver connected vehicles.”

What could they do with that access? Among other things, they found they had the power to track the GPS locations of every single registered user, manipulate data on users’ plates, and even report specific vehicles as stolen (Reviver has an in-app feature that allows cars to be reported as stolen to authorities).

“An actual attacker could remotely update, track, or delete anyone’s REVIVER plate,” Curry writes. “We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package REVIVER plates) and update the default image used by the dealer when the newly purchased vehicle still had DEALER tags.”

Gizmodo reached out to Reviver for comment but did not hear back. In a statement provided to Motherboard, the company admitted that it had patched software vulnerabilities that allowed for the intrusion to take place.

“We are proud of our team’s quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report,” the statement partially reads.

Let’s be honest: some things really don’t need to be digitised. As boring as it is, I think I’ll be sticking with non-hackable tags for the foreseeable future.


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.