Cybersecurity researchers managed to hack into California's new digital license plates, which are sold and managed by tech company Reviver. The digital plates, called Rplates, went on sale in California late last year, but it was only a matter of time before hackers found a backdoor into Reviver's systems.
Luckily, the white hats got there first by gaining full "super administrative access" via the Reviver website, according to Vice. This allowed the team of researchers to track the location of all cars using the plates, access all user records and even change some of the text shown on the digital plate displays.
[...] Even so, the bug found on the Reviver site could've given someone an alarming amount of information and control over the digital plates. As Curry notes, Reviver patched the bug within 24 hours after it was reported; the company shared a statement with Jalopnik saying a subsequent investigation found that the "potential vulnerability" had not been misused, nor had any user data been leaked.
For the unaware (as I was), a digital license plate is an IoT-enabled ePaper display that replaces the stamped metal plate on your car where the user can apparently use their online account to change the look of the plate and the cheeky message displayed at the bottom. What I couldn't find was any compelling reason why I would want to spend my own money to get one.
(Score: 4, Insightful) by Barenflimski on Thursday January 12, @02:31PM
It blows my mind how quickly we used our technological advances to be able to track every single person within feet of their location.
License plates that have GPS transceivers? Sold to folks with the statement, "But what if someone crashed, wouldn't you want to find them?" when 99.3% of use cases would be tracking that person by a 3rd party for an infinite number of reasons.
Maybe as a business you like this function? Do these come with software to plot your trips? Does it come with a "find-my-honda" app?
(Score: 5, Insightful) by Spamalope on Thursday January 12, @02:52PM (2 children)
Think of all the advantages of these plates.
Tolls with unlimited surge pricing!
This week there was a story about a coder being fired for who they followed on their private Twitter account. A few years back the IRS was auditing based on donations to the wrong candidates.
But that's work! That's old and busted! Some folks might be missed... slip through the cracks!
And none of those methods use 5G!
Now we can automatically flag based on where you drive and who you associate with!
This tech is adaptable, too.
Republican political rally in CA? Busted!
Libertarian group anywhere? Busted!
Wrong (or no) church on Sunday in Baptist territory? Busted!
We can sell data to employers too. Strip club on a sick day? Busted!
Truly it's a brave new world!
(Score: 3, Informative) by aafcac on Thursday January 12, @07:14PM
That's not interesting. Those groups were being investigated over the possibility of using tax exempt donations for political speech which isn't allowed for any party. It's also hardly unique as the FBI regularly infiltrates lefty organizations with little reason to believe that they're doing anything wrong. And it's been the case for pretty much their entire existence that they meddle in politics to disadvantage the left.
(Score: 0) by Anonymous Coward on Friday January 13, @07:41AM
You can do this with normal plates too.
(Score: 4, Insightful) by Dale on Thursday January 12, @05:26PM
At this point, if it goes into a database in some way it will eventually be compromised and/or released. That is the base situation from which we simply have to operate from going forward.