Hackers Gained Access to California’s Digital License Plates

Emmet White

January 11, 2023 at 1:39 PM·4 min read

california becomes first state to test new digital license plates — California’s Digital License Plates Were HackedJustin Sullivan - Getty Images

A team of web developers found numerous security issues in California's digital license plate carrier, Reviver.
With access through the plate's SIM card, hackers were able to see the real-time location and registration address, delete or alter the tag, and even mislabeled the vehicle as stolen.
Reviver has patched the issues since, but privacy advocates say the digital plate program poses security and data challenges that outweigh the supposed convenience.

Do license plates really need to be hard metal? It's 2023, after all, and at least three states in the US have answered that very question by legalizing digital license plates. California is the latest adopter of the technology, following Arizona, Michigan, and Texas in launching its own digital license plate program in October 2022. But residents should think twice before opting into the new technology.

That's because a team of web security researchers led by Sam Curry found weaknesses in the software built into the Reviver-supplied California license plates, the company leading the push for digital plates. Thanks to the SIM card found in the plates, these web security experts were able to easily hack into the administrative back end of Reviver.

The team explained their hacking process in a thoroughly technical blog post and, while the developer jargon doesn't mean much to the average car owner, it's clear just how vulnerable these digital plates are.

Once the team established full administrative access, they could see the details of every user's account, including vehicle type and physical address. Every vehicle with a Reviver plate could also be tracked by GPS in real-time, and the hackers could change or add any slogan to the plate. Additionally, the security function of the plates that label the car as stolen could be abused, allowing hackers to mislabel the vehicle as stolen at a moment's notice.

Fleet management functions were also easy targets, with the hackers able to locate and manage all vehicles across a number of companies' fleets. This could become problematic for vehicles bearing dealer tags, as the hackers could easily wipe those identifications away. One of the most glaring issues found in the investigation was that consumer and commercial tags could be simply deleted by bad actors.

Since the blog post went live on Jan. 3, Reviver has subsequently patched the issues, releasing this statement to Motherboard: "We are proud of our team's quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report."

Privacy advocates, such as the Electronic Frontier Foundation, expressed concerns about the security lapse, in addition to the unclear destination and duration of the data accumulated by Reviver. Based in Granite Bay, California, Reviver said it doesn't share data with law enforcement, the DMV, or any third-party organization, and previously claimed that it uses the same security standards that banks use.

Reviver was founded in 2009, put their first prototypes on the road in 2015, and in 2017 had their first 1000 digital plates in operation. In California, Reviver's pilot program started with 175,000 digital plates on the road.

Because the team of web security researchers do these hacking probes in good faith, Reviver has learned a valuable lesson in cybersecurity and, at least for now, no harm has been done to its customer base. But the breach exposes the unique weaknesses of the digital plate, like making the plate display something offensive.

Time will tell if consumers adopt the digital plate more widely, as the states that have adopted it say it gives car owners more of a choice and makes registration easier. But the possibility for increased headaches could sway owners to stick with the classic stamped aluminum.

Would you consider using a digital license plate? Why or why not? Please share your comments below.

HuffPost
George Stephanopoulos Brings House Down With First Thing He'd Ask At Biden-Trump Debate
Stephen Colbert's "Late Show" audience erupted over the proposal.
The New Republic
Michael Cohen Schools Trump’s Dumb Lawyer
The key witness in the hush-money trial was forced to remind Donald Trump’s attorney how the law works.
The New Republic
Pathetic Trump Already Trying to Weasel Out of Debating Biden
After agreeing to two debates with Biden, Donald Trump seems to be trying to set up an excuse to escape the whole thing.
HuffPost
Mary Trump Thinks She Knows Exactly Why Ivanka And Don Jr. Haven't Turned Up In Court
Their no-show at Donald Trump's hush money trial is down to two things, said the former president's niece.
Fox News
Here are all the restrictions Biden's team demanded in their Trump debate offer
President Biden's offer to debate former President Trump came with significant strings attached, limiting the nature of the 2024 debates.
CinemaBlend
Mike Tyson Explains Reason For Shorter Rounds In Jake Paul Fight, And I Just Got Chills
Mike Tyson explained the reason for the shorter rounds in their professional bout, and I'll admit I'm even more thrilled for this Netflix event.
The Hill
Manchin, GOP senators move to overturn retirement investment planning rule
Sen. Joe Manchin (D-W.Va.) and a group of Republican senators are moving to overturn a retirement investment planning rule that was finalized by the Labor Department last month. The Labor Department unveiled the new rule last month that would update the definition of an investment advice fiduciary under the Employee Retirement Income Security Act. Manchin…
The New Republic
Lauren Boebert Admits Exactly Why Trump Stooges Descended on Trial
They’re not even trying to hide it anymore.
The Hill
Gorsuch, Alito break from conservatives on CFPB ruling
Two of the Supreme Court’s most conservative justices broke away from other right-leaning members of the nation’s high court in a decision to preserve the Consumer Financial Protection Bureau (CFPB) — but a third led the majority opinion that sided with the Biden administration. Justices Samuel Alito and Neil Gorsuch dissented from the Supreme Court’s…
The Hill
At least 9 GOP lawmakers are at Trump trial, which could be a problem for Republicans
At least nine Republican lawmakers traveled to New York to appear in court alongside former President Trump on Thursday, the latest in a string of GOP lawmakers to attend the hush money trial. The move could jeopardize GOP attendance at a key vote later in the day and also comes after the House Oversight and…
Fox News
Slain Microsoft exec's ex-wife wished 'good luck!' to hit man she allegedly paid to carry out murder: witness
Shanna Gardner, who is accused of killing her ex-wife, Jared Bridegan, with help from her second husband allegedly wrote 'good luck!' on a check to a hitman in April 2022.
The New Republic
Matt Gaetz, Lauren Boebert Brutally Roasted Outside Trump Trial
The Republican representatives at Trump’s hush-money trial tried to hold a press conference. It did not go to plan.
The Daily Beast
MAGA Rep’s Insane Biden Claim Is Too Much Even for Maria Bartiromo
Fox Business NetworkRep. Greg Murphy (R-NC) made a bizarre claim Thursday, insisting that he has “evidence” to support his allegation that President Joe Biden was “jacked up on something” during the State of the Union address. He even offered to show his so-called proof to Fox Business Network host Maria Bartiromo “offline.”The MAGA congressman’s wild accusation seemed to go too far for the pro-Trump conspiracy-loving Bartiromo, who once relied on “wackadoodle” claims made by a woman who thinks
NBC News
Suspect wanted in Steve Buscemi NYC sucker-punch identified
The man wanted in an alleged sucker-punch attack on actor Steve Buscemi on a Manhattan street has been identified by police as the search for the suspect continues.
NBC News
GOP Sen. Mitt Romney says Biden should have pardoned Trump
Sen. Mitt Romney said President Joe Biden should have pardoned Donald Trump and pressured New York prosecutors not to pursue the hush money trial against the former president.
The New Republic
Trump’s Idiot Lawyer Admits His Client Did Something Suspicious
Donald Trump’s attorney Will Scharf was trapped in questioning on that shady Michael Cohen payment.
The Telegraph
Algerian man missing for more than 25 years ‘held captive by neighbour’
An Algerian man who went missing more than 25 years ago and presumed dead has been found after he was held captive by a neighbour.
WJW
Father and daughter killed in deadly Ohio house explosion, police say
A father and daughter were killed in a house explosion early Thursday in an Ohio community, authorities said.
WCMH
National steakhouse returning to central Ohio with restaurant in former O’Charley’s
Watch a previous NBC4 report on O’Charley’s Ohio closures in the video player above. COLUMBUS, Ohio (WCMH) — A national steakhouse, which once operated several central Ohio restaurants that shuttered after the chain filed for bankruptcy, is returning to Columbus after purchasing a former O’Charley’s that closed last year for $2.6 million. Logan’s Roadhouse acquired […]
Us Weekly
Patrick Mahomes Once Said He Doesn’t Talk to Teammate Harrison Butker: ‘I Just Let Him Do His Thing’
Kansas City Chiefs quarterback Patrick Mahomes is a two-time NFL MVP and one of the faces of the reigning Super Bowl champions, but he does not have a relationship with his team’s kicker. Appearing on the Pat McAfee Show shortly after the Chiefs’ Super Bowl win in February, he revealed that he does not speak

Recommended Stories