Given the obvious: California car digital plates can already be hacked
In October 2022, the state of California debuted something really cool: digital license plates for cars. But before they even debuted, cybersecurity experts warned that they could be hacked. Three months later, researchers claim they hacked into the digital card system.
The proposal of the digital card, which has a SIM card, is interesting. With it, the driver has access to tools such as GPS location, customization of the text located below the license plate number, renews the licensing via app and even a night mode — whose usefulness should be to make it difficult to photon sparrow / radar. But it also brought that misfortune, announced since the discussion of the bill.
To placate, board has to be safe to users
The hack into the system of Reviver, manufacturer of RPlate, name of the digital board that is basically a tablet stuck in the bumpers of the car, was carried out by Sam Curry. Curry is a bug hunter and has already shown in flaws at Apple and Chess.com, the most popular chess site.
Reviver is apparently the only supplier of the digital board —either by bidding or by not having competitors yet. Curry was able to hack into the company’s system and gain administrative access to the accounts registered with the company. With this, it can use all the practical features that customers can use through the application.
For the safety of the user, the location of the car by GPS is very useful in case of theft. However, with a system intrusion it ceases to be a security resource and becomes a criminal tool. Reviver also provides a fleet tracking service for companies —and Sam Curry had access to that as well. With the location of a person or company cars, criminals can organize robberies.
And yet in this location functionality, Curry was able to change the status of a car. That way, i could tell you if a car was stolen or not.
The function of modifying the text on the board? Well, a beautiful tool for hackers more “zoeiros” to apply a “trolley” with drivers.
Reviver solved problem and ensures that there were no attacks
For the Motherboard website, Revolver said it fixed the failure less than 24 hours after discovering the problem. The company also claims that no one used the vulnerability to attack users of the service.