Mere months after California legalized customizable, 5G-powered smart license plates, a hacker has found ways to take control of them and cause all sorts of mischief - in the name of science.
White hat hacker Sam Curry reveals in a blog post how he and his nerdy pals got full access to every account on the network of Reviver - the only company vetted by the state of California to sell the digital plates.
The battery-powered plates have 5G connectivity and allow users to customize the graphics and wording on the plates, including to report a stolen vehicle and display the sign STOLEN.
The device can also track a vehicle’s whereabouts to track mileage on zero-emission vehicles and apply for low-carbon fuel standard credits from the state.
While the invention sounds promising, the tables are turned when hackers apply their tricks to it.
With remote access to the plates, Curry and his hacking crew were able to:
Curry reached out to Reviver with his findings before publishing the research. The vendor quickly applied patches, telling Motherboard:
“Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections.”
In light of this development, Reviver said cybersecurity remains a central aspect of its mission to modernize the driving experience, pledging to work with experts to better secure its products.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all posts