Digital License Plates Mean You Can Be Tracked, Hackers Find Out

refreshing california digital plate

Digital Plates Provide Vehicle Tracking: Operationrefreshing

  • Adding a permanent, connected device to your car can have some advantages. It also offers a new way for hackers to track you or collect personal information, as first reported by Vice.

  • A group of cybersecurity researchers recently published a report on various vulnerabilities they discovered in connected vehicles. Hackers have found ways to precisely locate the cars of major OEMs, including customer names, phone numbers, email addresses, and credit statuses.

  • Hackers have discovered that they can change the message the plates show for Reviver’s R Plates, and yes, they can track cars. Security vulnerability fixed.

UPDATE 1/12/2023: California DMV said Car and Driver, In response to our query that the digital license plates are currently in the pilot phase, he added: “DMV is currently developing arrangements to implement the permanent program. Privacy and security standards will be covered in regulations, including the requirement that the digital license plate system or any other approved device meet or exceed minimum national safety standards.

“The digital license plates presented in the current pilot are not connected to DMV systems and therefore DMV systems are not at risk through this program. Reports of security and privacy issues are extremely worrying and DMV is in contact with Reviver for reassurance. The measures really fixed the problem.”

It didn’t take long. The California DMV approved Reviver’s new digital license plates in October, and we’ve now learned how vulnerable they can be to outside hacking attacks.

As the only company to offer digital license plates, Reviver points out that they offer some technical advantages over traditional metal plates, such as automatic tag renewals and the ability to replace things like STOLEN if the car it’s attached to is stolen. , stolen. However, there have always been disadvantages, including higher cost and added complexity.

Last week, as Vice reported, a group of cybersecurity researchers interested in finding access points to connected vehicles announced they had found vulnerabilities in several brands and services. This included the ability to find and track vehicles from multiple brands including Kia, Honda, Infiniti, Nissan, Acura, Hyundai and Genesis. According to the published report, they were also able to find personal information of customers of many brands, including the credit status of Toyota customers.

As for a connected vehicle network called Spireon, which is mainly related to fleet management applications, the hackers said they “have access to everything”. The team accessed the network for Reviver without too much hassle. Cybersecurity researchers have published details of how they accessed Reviver’s backend, which includes viewing how the app and other online services behave during a password reset request. People who have a better understanding of the lines of code can see the details here.

refreshing california digital plate


Once on Reviver’s network, the researchers had “full super admin access” to all user accounts and tools for all tools connected to Reviver. This would allow them to track the physical location of these license plates, change the license plate to say whatever they wanted, and access all user records “including vehicles owned by people, physical addresses, phone numbers, and email addresses.”

Reviver officially acknowledges that the customer data it collects may be vulnerable to external actors. “We have adopted reasonable and appropriate security procedures to help protect against the loss, misuse and unauthorized access of the information you provide to us,” the company said on its website. “However, please note that no data transmission or storage can be guaranteed to be 100% secure. As a result, although we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to our services.”

Reviver Responded Quickly

Things seem to be settled for now. Cybersecurity researchers said they reported the vulnerability to Reviver and it was quickly patched. Still, if these white-hat hackers weren’t trying to fix the problems, they would have the power to “remotely update, monitor, or delete anyone’s Reviver license plate”. In addition, the researchers said they would be able to “access any dealership (for example, Mercedes-Benz dealers will pack Reviver plates) and update the default image used by the dealer while the newly purchased vehicle still has Dealer tags.” They also gained full access to Reviver’s fleet management functionality.

Reviver said in a statement. Car and Driver interviewed a member of the cybersecurity research team after being briefed on the potential application vulnerability.

After the meeting, Reviver not only patched its app in under 24 hours, but “taken further action to prevent this from happening in the future.” Reviver said no customer information was affected. “As part of our commitment to data security and privacy, we also took this opportunity to identify and implement additional measures to supplement our existing, important protections,” the company said. “Cybersecurity is at the heart of our mission to modernize the driving experience, and we will continue to work with industry-leading professionals, tools and systems to build and monitor our secure platforms for connected vehicles.”

You may also like these

Leave a Reply

Your email address will not be published. Required fields are marked *