Reviver says it’s mission is to “modernize” the driving experience, and the way it does that is by developing the world’s first digital license plate and connected vehicle platform.
But security researchers looking into how safe that “modernization” is have found a way to poke significant holes in this design. Some of the vulnerabilities discovered show that malicious outside actors can track GPS location of digital license plates owners.
Reviver rolled out digital license plates last October and is still the only company that sells them in California. They are being marketed as legal to use across the US, while it is also becoming legal to buy them in more and more states.
Those who own such plates, or plan to do so, will be interested to hear that researcher Sam Curry shared in a blog post that it is possible for hackers to access the “super user” admin mode of any user, and from there on effectively remotely take over.
Some of the things a hacker could do with Reviver plates is update or delete them, and track them via GPS. And if the attacker was in a mood to have even more “fun” with digital plates’ users, they could access the administrative account even just to change personalized messages displayed at the bottom – to read whatever they wished, reports note.
Drivers who opt for digital plates, meanwhile, can choose to pay $20-25 per month (battery or wired powered, respectively). But why would anybody do that? The marketing around Reviver seems to focus on customer experience “trinkets” such as the ability to display those personalized messages, not available with “old school” plates – but also some potentially more useful features, such as an app that would detect movement when a vehicle is supposed to be parked.
In that case, the plate would show the word, “stolen.”
Now with some pretty serious vulnerabilities coming to light, such as full access to GPS data, Reviver’s message, shared by Motherboard, is that this particular vulnerability has been patched. And the company assured everyone that there is no evidence it had been exploited.
There’s more promises: Reviver said it “took further measures to prevent this from occurring in the future.”