Digital license plates, a modern innovation in vehicle registration, have quickly gained traction in states such as California and Arizona, where they are currently legal to buy and register. As more states consider legalizing these plates, concerns about their security have emerged. Reviver, the leading vendor of digital license plates in the United States, has already sold 65,000 units. However, recent revelations by Josep Rodriguez, a researcher at the security firm IOActive, have exposed a significant vulnerability in these digital plates. Rodriguez's technique allows for "jailbreaking" the plates, enabling users to change the license plate number at will. This capability poses risks such as evading traffic tickets and tolls or even pinning them on other drivers.
Rodriguez discovered that the vulnerability originates from the hardware level within Reviver's chips, making it impossible to patch with a software update. His hacking method involves removing a sticker on the back of the plate and attaching a cable to its internal connectors. This setup allows him to rewrite the firmware within minutes. Rodriguez argues that his technique does not require "specialized tools" or "expertise," contrary to Reviver's claims.
"They just need to connect a cable and install the new firmware, just like if you were jailbreaking your iPhone," – Rodriguez
The implications of this hacking technique extend beyond personal use. Rodriguez highlights that anyone could target an unwitting owner of a digital plate and alter it without their knowledge.
"You can put whatever you want on the screen, which users are not supposed to be able to do," – Rodriguez
The ability to change a plate number arbitrarily means malicious users could assign their traffic violations to another vehicle, causing considerable inconvenience for innocent drivers.
"Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught," – Rodriguez
Security concerns regarding Reviver's products are not new. In 2022, security researcher Sam Curry discovered vulnerabilities in Reviver's web infrastructure. These flaws allowed him to assume an administrator role in Reviver's backend database, providing him with the ability to track or change license plates at will. Before Reviver patched this issue, Curry's web hacking method was notably easier to execute than Rodriguez's hardware hacking.
"If you want to swap your license plate number, James Bond style, then drive at crazy speeds or something, you can change it for a few hours and change it back without even pulling into a parking garage," – Curry
Reviver has responded to these security challenges by redesigning its license plates to avoid using chips vulnerable to Rodriguez's hacking technique in future models. The company assures that the vulnerable module in its current plates does not include GPS capabilities. Despite these assurances, IOActive has expressed frustration over Reviver's lack of response to their findings. The security firm has repeatedly attempted to contact Reviver over the past year and even involved US CERT in efforts to address the problem.
"You should assume people will mess with them," – Curry
"And people need to accept the implications of that." – Curry
Digital license plates offer several advantages over traditional plates, including customizable displays and electronic registration renewals. However, these benefits come with new security risks that need addressing as technology continues to advance in the automotive sector.
Leave a Reply