Digital license plates sold by RIVER were recently hacked, allowing any text or image to appear on the display. This makes it possible to circumvent traffic regulations and law enforcement, and even charge tolls and tickets to other drivers. The advantage of digital license plates is that they can be changed into novelty messages or flagged when a car is stolen, which is gaining popularity.
As Wired reported, the jailbreak was demonstrated by Josep Rodriguez, a security researcher at security firm IOActive. He removed the sticker on the back of the plate, attached a cable to the internal connector, and rewrote the firmware. The plate can then be commanded via Bluetooth from a smartphone app to change the display and what it shows. The security flaw used to jailbreak the plates exists at the hardware level of the chip itself, so Reviver cannot fix the problem with a simple software update.
The flaw could allow bad actors to evade any system that uses license plate numbers for policing or surveillance, from speeding tickets to parking tickets to tracking criminal suspects. It would also allow hackers to take advantage of license plate features such as GPS tracking without paying a $30 monthly fee.
Reviver states that jailbreaking is “a criminal offense subject to prosecution by law enforcement, and the jailbreaking techniques identified by IOActive require physical access to the vehicle and plate, plate removal, specialized tools, and expertise” and that “this scenario , limited to individual malicious actors who willfully violate laws and product warranties and is highly unlikely to occur under real-world conditions.”
The removal of the plate requires a side step that notifies the owner when the plate is removed from the vehicle, meaning that the hacker must interfere with the plate's radio communication while tampering with it, but Rodriguez said his overall reverse engineering method requires no technical complexity and would be as easy as jailbreaking one of the best iPhones, he says.
Regardless, Reviver continues to redesign future license plates to avoid using chips vulnerable to this technique in the future.
Comments