
California’s Electronic License Plate System Just Got Hacked

“Internet of Things” (IoT) is an industry term that sounds innocent, but its existence has serious implications for our security and privacy. IoT devices are unusual objects or devices with built-in sensors, computer processors and communication modules: Wi-Fi-connected cars, smart picture frames, Internet-connected thermostats and so forth. These devices offer some conveniences, but they have also turned out to be more invasive and prone to security vulnerabilities. You may worry that somebody will break into your computer or phone, but you probably haven’t thought about somebody hacking your smart fridge.

A powerful example of this comes from California, where new digital license plates, promoted as an optional upgrade, were legalized by Governor Gavin Newsom in October 2022. A couple of months after their release, California’s electronic license plate system has already been hacked, allowing hackers to track GPS locations, access owners’ personal information, change license plate text, and more. They could even mark a vehicle as stolen, which can prompt the police to conduct a high-intensity felony arrest.


Electronic license plate hack

Fortunately, the hackers in this case were benevolent “white hats” who had no intention of using this vulnerability to cause chaos. Instead, they immediately reported the vulnerability (presumably for a big cash reward) to Reviver, the company that sells and manages the new RPlate electronic license plates. Reviver reportedly patched the flaw within 24 hours. After an internal investigation, the company said the vulnerability had never been used maliciously and no user data had been leaked to the public.

While a cybersecurity catastrophe was avoided in this case, it’s worth examining just how serious the vulnerability was. As security researcher Sam Curry explained, a JavaScript error on Reviver’s website allowed his team to change the access level of an account from a standard user to a “super admin”. Once they gained admin access, they could…

  • Access the personal information of any electronic plate owner, including vehicles owned, physical address, phone number, and email address
  • Remotely track the GPS location of any electronic license plate
  • Remove license plates from the system
  • Add new license plates to the system
  • Replace dealer logos on temporary tags for new cars
  • Change the custom line of text at the bottom of the plate
  • Update the status of any electronic plate to “STOLEN”, which could potentially lead the police to stop the driver at gunpoint

The growing problem of cybersecurity

This isn’t even close to the only major vulnerability documented by Sam Curry in his blog post, Web Hackers vs. The Auto Industry. The post also revealed Internet backdoors that affected a dizzying list of carmakers, including Kia, Hyundai, Honda, Toyota, Infiniti, Nissan, Acura, Ford, Mercedes-Benz, BMW, Porsche, and even Ferrari. Many of those included the ability to “remotely lock, unlock, start and stop the engine, pinpoint location, flash headlights and honk” using only the vehicle’s publicly visible VIN.


Hackers have also previously demonstrated the ability to remotely disable vehicles that are already in motion, which could lead to a serious accident.

Automotive industry aside, the state of California is no stranger to glaring cyber vulnerabilities. Last summer, the California Department of Justice confirmed that the personal information of everyone who was granted or denied a concealed carry permit between 2011 and 2021 had been leaked. This information included “name, date of birth, gender, race, driver’s license number, addresses and criminal history.” The leak affected nearly a quarter of a million Californians, including judges and law enforcement officials, possibly making them targets for home burglaries and other crimes.

Talk is cheap

In almost every case, the businesses or governing bodies involved quickly apologized and assured everyone that it was an isolated incident. But what is evident is that these hacks will continue unless those responsible for our data devote money and time to making cybersecurity a much higher priority.

In the meantime, we encourage you to carefully consider the pros and cons before adding more smart IoT devices to your home (or garage).
