Researcher demonstrates how to hack digital license plates, evade tolls

Skye Jacobs

Posts: 1,994   +58
Staff
A hot potato: Digital license plates, legal in several states and gaining traction nationwide, are vulnerable to manipulation by their owners or other malicious parties, potentially enabling illegal behavior that could undermine traffic enforcement systems, according to IOActive's security researcher Josep Rodriguez, who has uncovered potential vulnerabilities in these high-tech plates.

As digital license plates become more prevalent, with California, Arizona, and Michigan already allowing their use, their security implications are becoming increasingly relevant. "You should assume people will mess with them," security researcher Sam Curry told Wired.

Digital license plates, such as those produced by Reviver, the leading manufacturer in the US, allow drivers to change their plate display remotely, flag stolen vehicles, and even display custom messages. With 65,000 plates already sold, this technology is poised to become increasingly common on American roads.

Rodriguez, though, has discovered a technique to jailbreak these digital plates, allowing users to alter their license plates at will. This vulnerability could have far-reaching consequences for traffic enforcement and surveillance systems that rely on license plate identification.

Rodriguez's method involves physically accessing the plate, removing a sticker, and connecting a cable to internal connectors. Through this process, he can rewrite the plate's firmware, enabling it to receive commands via Bluetooth from a smartphone app. This jailbreak could theoretically allow drivers to evade tolls, parking tickets, and automatic license plate readers used by law enforcement.

"You can put whatever you want on the screen, which users are not supposed to be able to do," Rodriguez told Wired. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

The implications of this vulnerability extend beyond simple evasion. Rodriguez points out that a jailbroken plate could potentially display the number of another vehicle, potentially framing innocent drivers for violations they didn't commit.

And because this security flaw is rooted within Reviver's chips, the issue cannot be resolved through a simple software update. To effectively address the vulnerability, Reviver would need to replace the affected chips in every digital license plate display they have produced. Consequently, the existing digital license plates are likely to remain susceptible to manipulation for the foreseeable future.

Reviver, when contacted about these findings, emphasized the illegality of such actions and the physical access required to exploit this vulnerability. "This scenario is highly unlikely to occur in real-world conditions, limiting it to individual bad actors knowingly violating laws and product warranties," it said.

Reviver also told Wired it was redesigning its license plates to avoid using chips vulnerable to Rodriguez's hacking technique in the future.

Reviver maintains that hacking its plates would require "specialized tools" or "expertise" – a claim that Rodriguez says is ultimately untrue. Rodriguez's method involved a sophisticated fault-injection process. He physically connected wires to the plate's internal chip and carefully monitored its voltage. It was only by inducing a precise voltage fluctuation at a critical moment that Rodriguez was able to bypass the plate's security measures, allowing him to examine and modify its firmware.

However, Rodriguez then used the gathered information to create a streamlined jailbreaking tool. This new tool significantly simplifies the process, eliminating the need for the intricate technical steps involved in the original method. Rodriguez said he wasn't planning on releasing the tool.

This isn't the first time Reviver's systems have been scrutinized. In 2022, security researcher Sam Curry discovered web-based vulnerabilities that allowed him to gain administrative access to Reviver's backend database. Unlike Rodriguez's hardware-based approach, these issues were quickly patched by Reviver.

Permalink to story:

 
If you give people physical access to a device, it will probably end up getting hacked. And for something like digital license plates, well how long do you think it will take before legit-looking knock-offs show up on Aliexpress? Knock-offs that let you display anything you want.

That said, I am not a fan of license plates in the first place, and consider them a major privacy violation. So I guess I welcome the spread of digital plates, as it will make avoiding that privacy violations much easier. As for now I just have those tinted covers on my plate, and make sure it says dirty when I wash the rest of the car.
 
If you give people physical access to a device, it will probably end up getting hacked. And for something like digital license plates, well how long do you think it will take before legit-looking knock-offs show up on Aliexpress? Knock-offs that let you display anything you want.

That said, I am not a fan of license plates in the first place, and consider them a major privacy violation. So I guess I welcome the spread of digital plates, as it will make avoiding that privacy violations much easier. As for now I just have those tinted covers on my plate, and make sure it says dirty when I wash the rest of the car.
having a lightbar in certain places on my truck, even if it isn't turned on, is illegal. However, people are allowed to have digital license plates that can change to basically whatever you want at will? How is that not illegal? What the hell is wrong with a stamped steel plate?
 
having a lightbar in certain places on my truck, even if it isn't turned on, is illegal. However, people are allowed to have digital license plates that can change to basically whatever you want at will? How is that not illegal? What the hell is wrong with a stamped steel plate?
Well its only legal in 3 states; my completely wild guess would be that the company that makes the approved digital plates made some heavy lobbying efforts on those state governments to get them approved. In theory the digital plates are supposed to be highly restricted in what they can display - either the license plate #, or basic messages like STOLEN if the car is reported stolen. That last part is the only (rather mild) advantage I can see over having plain steel plates. But yeah, they are really, really stupid, and if for some dumb reason they get more popular / legal in more states I fully expect unlocked Chinese knock-offs to show up.
 
Well its only legal in 3 states

Yeah, but per Article IV, Section 1 of the Constitution, "Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof."

So if it is legal (to register/decide to use) in 3 states, they should be able to take their digital plates anywhere in the country and use them, unless Congress allows otherwise somewhere. Though admittedly the interpretation of this clause for this use case could go either way.
 
Being able to flag a stolen vehicle remotely sounds awesome. But the fact that someone could potentially frame you by displaying another car’s number is pretty scary. How much convenience are we willing to trade for security?
 
Did they really thinks that digital devices can't be hacked? From what we see each and every device can be hacked sooner or later, whatever technology it uses. If not the device itself then someone will hack the servers that it depends on.
 
Yeah, but per Article IV, Section 1 of the Constitution, "Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof."

So if it is legal (to register/decide to use) in 3 states, they should be able to take their digital plates anywhere in the country and use them, unless Congress allows otherwise somewhere. Though admittedly the interpretation of this clause for this use case could go either way.
It's called reciprocity and it isn't guaranteed by the US Constitution across all states. Take gun laws for example. Just because you have a gun license granted to you as a citizen of Utah, it definitely isn't honored in New York or California. Same goes for marijuana use. It's legal in some states but not others. But drivers licenses and marriage licenses are a different story. Reciprocity exists in those instances across all states and territories. If you have digital license plates from one of the 3 states where it's legal, you'll likely be pulled over if driving in states where they aren't legal, if for nothing else because those digital tags will get the attention of highway patrol officers who will be "curious".
 
Hacks are not needed. Normal people would not resort to hacking. "Professionals" don't need to hack the plates, they need fully unlocked clones. I don't see why they thought an epaper display or whatever that is has any advantages over a stamped steel plate.
 
Back