Digital license plates have been around for several years, promising to save states money shipping metal plates while also dragging their respective departments of motor vehicles into the 21st century. Except Wired reports they can also be hacked to change the plate number at will, allowing drivers to avoid paying tickets and tolls. In fact, they can also allegedly stick other drivers with their fines, which doesn’t sound good. That could even be considered bad, actually.
IOActive security researcher Josep Rodriguez reportedly discovered a way to jailbreak the Reviver-brand license plates that are already on 65,000 vehicles. It does require physical access to the license plate, but once he installed new firmware, he was able to use an app on his phone to change the number displayed on the license plate. While that would allow owners to avoid tickets, there’s also nothing stopping them from using another vehicle’s license plate number to stick them with the bill. There’s also no way for Reviver to update the software to prevent jailbreaking:
Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company’s license plates are very likely to remain vulnerable despite Rodriguez’s warning—a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. “It’s a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it,” he says.
When Wired contacted Reviver for a comment, it said that jailbreaking one of its digital license plates to change the plate number “would be a criminal act subject to prosecution by law enforcement.” It also said that “the jailbreak technique identified by IOActive requires physical access to the vehicle and plate, plate removal, specialized tools and expertise. The also said “this scenario is highly unlikely to occur in real-world conditions, limiting it to individual bad actors knowingly violating laws and product warranties.” Reviver also claimed it was reworking its plates to use different chips that aren’t vulnerable to the same hack that Rodriguez used.
Rodriguez, however, pushed back against Reviver’s claim that jailbreaking its digital plates required fancy tools and rare expertise. Sure, the initial hack required more computer knowledge than the typical person has access to, but once he was in, he was able to develop a tool that pretty much anyone could use to change their own license plate, hack someone else’s or track their location. “They just need to connect a cable and install the new firmware, just like if you were jailbreaking your iPhone,” Rodriguez told Wired.
That said, if you do have one of Reviver’s digital license plates, there is one feature that will make it more difficult for someone to remotely connect you to a crime:
In addition to the physical access and time necessary to pull off that hack, however, a license plate saboteur would also need to overcome a feature of Reviver’s plates that sends a notification to the owner when it’s detached from a vehicle. That would require jamming the plate’s radio communications while tampering with it, Rodriguez notes, an added wrinkle that makes the attack even less practical, though perhaps not impossible.
So that’s at least comforting. Sort of. On the other hand, if you start getting tickets for things you didn’t do, at least now you know why.
