Researchers had access to data from the company Reviver, which distributes digital license plates in California. And they were able to locate cars that were equipped with it.
As of October 2022, California allows the purchase of digital license plates. The Reviver company jumped at the chance and is the only company that offers this service in the state. But a team of security researchers managed to access the service, locate the cars and even change the text that appears on the plate, as explained this note by one of the members published on January 3.
For between $20 and $25 per month, Reviver customers can take advantage of a battery-powered or cable-powered digital license plate, personalize part of the plate by displaying a message. All this goes through an application that manages the system and also locates the vehicle.
And it was the app that allowed researchers to hack into the system. After easily accessing an administrator account, they managed to gain access to all sorts of Reviver data including vehicle location tracking. They were also able to update vehicle plates and even add or remove users.
revive told the American media Vice have resolved all the flaws identified by the researchers:
“As part of our commitment to data security and privacy protection, we have also taken this opportunity to identify and implement additional safeguards to complement our extensive existing protections.”
The company also clarifies that the researchers’ manipulations were not “misused” and that “customer information was not affected”.
