Digital License Plates Are a Huge Mess, Hackers Gain Access to GPS Location Data

In one demonstration, white hackers have managed to gain access to Reviver’s license plates database and track the GPS location of all cars using digital license plates in California. Reviver is the only company authorized to sell digital plates in the state.
Digital license plates in California are vulnerable to hackers attacks 7 photos
Photo: Reviver
Digital license plate from ReviverDigital license plate from ReviverDigital license plate from ReviverDigital license plate from ReviverDigital license plate from ReviverDigital license plate from Reviver
The digital license plates have been touted as the best thing since sliced bread, with plans to extend the project from California to other U.S. states. Nevertheless, like any other information system, it is prone to hacker attacks with nasty implications. Based on the powerful capabilities of digital license plates, hackers could gain access to the GPS location of every vehicle using such a device. They can also make the plate display rogue messages, potentially endangering the car’s occupants.

This is not just science fiction because white hackers have already demonstrated it is possible. A team of security researchers (also known as “white hackers”) have managed to gain super administrative rights into Reviver’s information system. Such access grants the right to make system-wide changes and access all the functionalities of the digital plates installed on the vehicles throughout California and other states where Reviver has sold its services.

The hackers have been able to track the physical GPS location of all Reviver customers and change a selection of text at the bottom of the license plate. This section is reserved for personalized messages, which the user can program through the dedicated app. The vulnerability also allowed hackers to update any vehicle status to “STOLEN,” which updates the license plate with the appropriate text warning and alerts authorities. It could potentially endanger the life of the driver and the passengers, depending on how the police react to the information.

The hackers went even further and used the same privileged administrative rights to access user records, including what vehicles people owned, their physical addresses, phone numbers, and email addresses. More so, they gained access to the fleet management functionality for any company and located and managed all vehicles in the fleet. All these actions could have dire implications for people using Reviver services and digital license plates.

The hack was described in detail by the security research team in a blog post. It’s a rather long one and is not only related to Reviver but many other car companies. Reviver attracted the hackers’ attention thanks to the digital license plates that could be used to track vehicles. Nevertheless, the researchers were able to get deeper than expected in the Reviver’s IT system. According to Motherboard, the company has patched the issues identified by the researchers.

“We are proud of our team’s quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future,” Reviver told Motherboard. “Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report.”

California launched the option to buy digital license plates in October, with Reviver as the sole provider. According to their statement, the plates are legal to drive nationwide and legal to purchase “in a growing number of states.” Customers pay a $20 monthly fee for a battery-powered plate or $25 for a wired plate.
If you liked the article, please follow us:  Google News icon Google News Youtube Instagram X (Twitter)
About the author: Cristian Agatie
Cristian Agatie profile photo

After his childhood dream of becoming a "tractor operator" didn't pan out, Cristian turned to journalism, first in print and later moving to online media. His top interests are electric vehicles and new energy solutions.
Full profile


Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories