Digital license plates can be hacked to avoid tolls, fines and tickets

3 weeks ago 5

(Image credit: Land Rover Los Angeles)

Digital license plates sold by Reviver have recently been hacked to allow their displays to show any characters or images – which could permit them to evade traffic regulations, law enforcement or even to charge their tolls and tickets to other drivers. The benefits of a digital license plates have become popular for their ability to be changed to a novelty message or even be flagged when a car has been stolen.

As reported by Wired, the jailbreak was demonstrated by security researcher Josep Rodriguez from the security firm IOActive, who removed a sticker on the back of the plate and attached a cable to the internal connectors to rewrite the firmware. The plate can then be commanded via Bluetooth from a smartphone app to change the display and what it shows.

Digital license plates are currently legal to buy in California, Arizona and Michigan, and commercially legal in Texas; they’re legal to drive with nationwide though. Reviver is a leading seller of digital plates and has sold roughly 65,000 of them – because the security flaw that Rodriguez used to jailbreak the plates exists on a hardware level in the chips themselves, Reviver cannot resolve the issue with a simple software update.

The plates will remain vulnerable despite the warning of the flaw, which could allow bad actors to evade any system that uses license plate numbers for enforcement or surveillance from speeding to parking tickets to tracking criminal suspects. It would also allow hackers to use the plates’ features, like the built-in GPS tracking, without paying the $30 a month subscription fee.

Reviver has stated that the jailbreaking activity would “be a criminal act subject to prosecution by law enforcement and the jailbreak technique identified by IOActive requires physical access to the vehicle and plate, plate removal, specialized tools, and expertise,” and that “this scenario is highly unlikely to occur in real-world conditions limiting it to individual bad actors knowingly violating laws and product warranties.”

While the plate removal does require side stepping a notification to the owner when the plate becomes detached from the vehicle, which would mean the hacker would have to jam the plates’ radio communications while tampering with it, Rodriguez says that his overall reverse engineering method doesn’t require technical complexity and would be as easy as jailbreaking one of the best iPhones.

Regardless, Reviver is still redesigning its future license plates to avoid using chips that are vulnerable to this technique in the future.

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

More from Tom's Guide

Only 3 of the top 150 Android apps can detect reverse engineering tool Frida — here's why that's bad
Microsoft just fixed 72 Windows security flaws — update your PC right now
Charging your iPhone? You might want to stay away from third-party USB-C cables

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.

Read Entire Article