Security researchers were able to compromise computer systems for the sole provider of digital license plates in the Golden State, enabling them to track all customers’ vehicles and manipulate elements of the license plate.
The would-be hack was discovered during a security sweep of the auto industry including Reviver, the sole contractor providing monthly subscriptions to its digital license plates.
Driving the news: Unlike vanity plates, digital license plates offered by Reviver are able to feature custom messages adopted by the driver-user.
- California drivers opting for a Reviver plate pay $20 to $25 per month for the privilege of having the digital license plate on their vehicles.
- The message at the bottom of the license plate can be customized by the user to feature a personal message akin to a license plate frame.
Go deeper: A team of web security consultants, led by Sam Curry, was able to gain “super administrative access” to the company’s management system.
- The hacker team was able to track the physical GPS location of the license plate and could change the customizable text on their plates remotely.
- Hackers also had the ability to update a given user’s vehicle status to “stolen,” which updates the plates themselves and notifies law enforcement.
The other side: For its part, Reviver noted that it quickly patched up its security vulnerabilities following the discovery.
- “We are proud of our team’s quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections,” the company told Vice.