Monday, December 23, 2024

Hackers can jailbreak digital license plates to force others to pay tolls and tickets

Share

Digital license plates, which can now be legally purchased in an increasing number of states and driven across the country, offer several advantages over their metal predecessors. You can change their display on the fly to, for example, place the registration number in a news frame or signal that your car has been stolen. Now one security researcher has shown how they can be hacked to enable a less innocuous feature: arbitrarily changing a car’s registration number to avoid fines and tolls, or even assign them to someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique for “jailbreaking” digital license plates sold by Reviver, a leading supplier of license plates in the US (65,000 plates have already been sold). By removing the sticker on the back of the board and plugging a cable into its internal connectors, he is able to rewrite the Reviver board’s firmware in a matter of minutes. Then, after installing this custom software, your jailbroken license plate can receive commands via Bluetooth from an app on your smartphone to instantly change the display to display any characters or image.

Rodriguez points out that this vulnerability to hacking could allow drivers with license plates to bypass any system that depends on license plate numbers for law enforcement or surveillance purposes, from tolls to speeding and parking tickets to automatic license plate readers that police exploit to track crime suspects. “You can put whatever you want on the screen that users shouldn’t do,” Rodriguez says. “Imagine that you are walking through a speed camera or you are a criminal and you don’t want to get caught.”

Worse still, Rodriguez points out that a jailbroken license plate can be changed not only to any number, but also to the number of another vehicle, the driver of which will then receive tickets and receipts for the malicious user’s trip. “If you can change your license plate number whenever you want, you can cause serious problems,” Rodriguez says.

Any traffic bugs aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to exploit the plates’ features, including built-in GPS tracking, without paying Reviver’s $29.99 monthly subscription fee.

Because the vulnerability that allowed him to rewrite the boards’ firmware exists at the hardware level – in Reviver’s chips themselves – Rodriguez says Reviver has no way of patching the problem with a elementary software update. Instead, it would have to replace these chips on every display. This means the company’s license plates will likely remain vulnerable despite Rodriguez’s warnings – a fact, Rodriguez says, that transportation policymakers and law enforcement should be aware of as digital license plates are rolled out across the country. “It’s a big problem because you currently have thousands of license plates that have this problem, and to fix it you need to change the hardware,” he says.

Latest Posts

More News