Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets

Longtime Slashdot reader sinij shares a report from Wired with the caption: "This story will be an on-going payday for traffic ticket lawyers. I am ordering one now." From the report: Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls -- or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to "jailbreak" digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image. That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. "You can put whatever you want on the screen, which users are not supposed to be able to do," says Rodriguez. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle -- whose driver would then receive the malicious user's tickets and toll bills. "If you can change the license plate number whenever you want, you can cause some real problems," Rodriguez says. All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features without paying Reviver's $29.99 monthly subscription fee. Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level -- in Reviver's chips themselves -- Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning -- a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. "It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it," he says.

Why do we need digital license plates?

[Anonymous Coward]

What's wrong with the old metal plates?

Re:

[ShanghaiBill]

What's wrong with the old metal plates?

Low profit margins.

A metal plate costs $20 one time.

The digital plate costs $29.99 per month. That's $3600 over ten years.

My car is worth less than that.

Re:Why do we need digital license plates?

[codebase7]

Shit should be canned.

Never mind the cost of illuminating the damn things (NOW WITH NEW ELECTRICAL REQUIREMENTS!), or the additional risk of it breaking and getting a ticket because your plate wasn't displaying it's registration. (Or worse, some cop claiming your own car is stolen because the plate wasn't working...) A metal plate has none of these issues.

But some grifter wasn't making enough money so add some electronics to it and charge a new monthly fee. America home of grift, land of the broke.

Re:

[Bahbus]

A cursory glancing at their website says the service plan is not required at all. And it's minimum $35 per year, not month. Mostly just gives you access to some DMV services, like renewing your tags through the app/service automatically and the plate updating itself to match, which sounds like a nice feature - I hate those fucking piece of shit stickers. They're also easier to read in any weather/lighting conditions. And some other cosmetic features that some people like. I mean some people waste money on b

Re: Why do we need digital license plates?

[paul_engr]

No, they're not easier to read in any condition. In fact they're damn near impossible to read in direct sunlight from any angle. The most astonishing thing of how piss poor of a shameless money scheme this is for me, by far, was how awful the actual damn text looks. I wouldn't take one of those shits if the DMV gave me a $19/yr discount on my registration.

Re:

[Bahbus]

They have to be readable from 100ft away in all conditions to have even gained legal approval to begin with. And they literally use the exact same font, and other imagery, as the real metal plate you would get minus color. So, you've never seen one, or only saw some cheap, illegal knockoff.

Re:

[SoCalChris]

They're made with an eink display, so they're fine to read in any situation you could read a regular plate in, assuming it's not damaged or covered with something to obscure it.

They're still a fucking stupid idea though.

Re:

[mspohr]

eink goes all black in high heat.

Re:

[SoCalChris]

I see a ton of them around, both in the Los Angeles and Palm Springs areas and haven't seen any that have gone all black. I'm not sure if they're doing something different with them, but it hasn't really been an issue that I've seen. Doesn't mean it isn't happening, but I haven't seen it in some pretty hot circumstances with them sitting out in the direct sun.

Re:

[Bahbus]

These digital plates are supposedly rated to at least 176F. Not even Death Valley would black out these displays.

But clearly some savings too

[Roger W Moore]

The digital plate costs $29.99 per month. That's $3600 over ten years.

Yes, but think of all the savings you can make on parking and speeding tickets!

Re:

[Darinbob]

It's a government plate, profit is not the goal here. Any cost is with fees and to cover the actual cost of manufacture.

Re:

[aRTeeNLCH]

The digital plate costs $29.99 per month. That's $3600 over ten years.

My car is worth less than that.

Sure, but you might still get ahead if your licence plate scanning based costs are higher....

Re:

[mysidia]

In theory, security. Metal plates can easily be stolen or cloned.

The problem with digital plates is the implementation sucks.

What they should be doing is 1. Manufacturing these within a sealed tamper-resistant enclosure similar to smart cards that cannot be serviced and does not provide access to mess with the underlying electronics without tripping sensors that cause it to self-destruct.

2. Displaying a large QR code next to the numbers containing a time-dependent signature of the plate ID and a digital s

Re:

[DarkOx]

I would almost say the ability to change the license number is one of those things where a lock of honest people is 'good enough' ie you don't make it set-able but you also don't need to make it impossible for a a determined person to change.

License plates remember do have some anti-counterfeit technology to them, at least in most states. Special paints etc, however they are also designed to be observed from a distance usually with visible light photography or human eyes. Fakes don't have to stand up to c

Convenience and Detectability

[Roger W Moore]

In theory, security. Metal plates can easily be stolen or cloned.

Yes they aren't because of the cost and inconvenience of making and then changing the plates. With a digital plate it costs nothing to change the number on display and you can do it instantly making it possible to display one license number to toll and speed cameras but your legal plate the rest of the time so you can't easily get caught. You can also use a different number for each camera further hampering efforts to track and detain you.

If you try that with a metal plate you'd have to make multiple pl

Re: Convenience and Detectability

[flyingfsck]

I guess young whipper snappers wont know that James Bond had revolving plates on his Aston Martin in 1964 already.

Attention Gen-Z

[Valgrus Thunderaxe]

The logo used in the summary is that of a company called Digital Equipment Corporation [wikipedia.org] (DEC). This article has nothing to do with DEC, and the use of that logo is improper and off-topic.

Re:

[fatwilbur]

You say that like gen Z cares to learn about history or really anything at all.

Re:

[serviscope_minor]

You are not a superior person simply virtue of being an old fart.

Re:

[mysidia]

The logo is a dead mark. Since DEC is gone, and the logo hasn't been used since 2004; it's essentially up for grabs. No real issue with Slashdot using it to represent their digital category. This way in a sense a remnant of DEC's influence lives on.

Vanity, thy name is "Sucker!"

[jenningsthecat]

It's hard to feel sorry for the people who will be charged with offences they didn't commit. Anybody who pays more money for something which is much more likely to fail in some fashion, just for the sake of vanity or coolness or shits 'n' giggles, deserves what they get.

Also, I wonder if people who "learn to code" as part of mandatory school curricula will be savvy enough to avoid products like this. Somehow, I think most of them WON'T be smart enough. So we're gonna be stuck with this crap going forward, b

Re:

[Ogive17]

I don't think you understand. Someone with a digital plate can hack it, change it so it matches your license plate number, then go on a poor driving spree. They don't get charged but you end up with a bunch of fines/tickets.

Re:

[Valgrus Thunderaxe]

Or blow through toll booths and rack up fees in your name. Then you're on the hook to prove it wasn't you (good luck).

Re:

[Moryath]

Probably relatively trivial to prove unless their vehicle is a match to your make, model, coloration, and also that they hit tollbooths near your home location. The tollbooths are required by law to send a photo of the offending vehicle with the fee/bill/citation.

The problem is going to be shitty jurisdictions like Texas that require you to come in person to challenge the ticket, rather than sending an electronic response with pertinent information such as "That's a red 1990 Chevy Silverado with a trump s

Re: Vanity, thy name is "Sucker!"

[sodul]

Except the companies operating the tolls do not care and ignore complains and add late fees even when faced with clear evidence.

https://abc7news.com/bayarea-f... [abc7news.com]

Re:

[MDMurphy]

Exactly this. For California at least, you wouldn't need the make/model/color etc of your car. The digital plates display differently than any metal plate. Just having the same letters and numbers won't replicated the rest of the plate's design. A look at a photo would show it as a digital plate. I guess it could have been hacked to show another digital plate rather than a metal one.

The plates have BTLE and LTE. While the visual display might be hacked, what about it's RF identification? That would

Re:

[mysidia]

Not only that.. the hackers can likely mock up a plate purporting to be from any state they want; even states that don't have digital plates, Then get you fines issues by a different state's OMV. Since states co-ordinate their databases: people can lose driving privileges because someone racked up violations against you in some random city half way across the country.

This can also result in their victims getting a summons to appear in some court a thousand miles a way, and a default judgement or bench

Re:

[SirSlud]

Remember - only you're smart enough. Everyone else always gets what they deserve. In the future, history will be written like, "Aw man, I wish we had more smart people like jenningsthecat around! So smart!"

Re:

[drinkypoo]

what the hell were DMVs thinking that they allowed these plates to be used without having first had the devices vetted by somebody who specializes in security?

$

Re:

[codebase7]

Also, what the hell were DMVs thinking

Boss demanded more profits, and if I don't give him those profits by pushing our new subscription service he'll find someone (or some BOT) that will. Society can get fucked.

Do these folks consume so little news that they're unaware of the almost daily stories of

You're asking that after multiple stories of idiots across the country thinking Biden was still the Democratic nominee on Election Day? Or the multiple stories of idiots across the country voting for Trump thinking he wasn't going to do what he said he would?

Re:

[jenningsthecat]

You really are a fucking moron. Normal drivers, who have got an *ordinary, fixed plate* will get the tickets and charges for the asshole with the hacked digital plate. *That's* the problem.

And then the photo evidence will show that it was a digital plate rather than a fixed one, and the charges will be dropped. It's a hassle and an inconvenience for sure, but not insurmountable. Meanwhile, when someone who bought a digital plate has their plate number cloned by somebody else with a digital plate...

Geez, were you dropped on your head as a baby?

Actually, I was, almost literally. I wasn't dropped, but I fell, and my head hit the concrete pretty hard. Apparently they weren't sure I was going to make it. I think I can reasonably attribute thr

A better question

[Anonymous Coward]

A better and more interesting question is if someone can hack the plates to display poop emojis on electric vehicles.

$500 digital plates!

[GameboyRMH]

$500 could buy a lot of fake physical license plates. Or probably even quite a few sets of license-plate-sized e-ink displays that don't need jailbreaking.

Re:

[Moryath]

Why do they even need to go that far? Half the cars on the road where I live are using fake paper "dealership plates."

Re:

[sinij]

Fake plates are obviously illegal and if you are caught with one there are substantial penalties. Digital plates are legal in some places, and by being easily to hack the owner of one has plausible deniability. That is, if you drive generic-looking silver sedan or SUV that doesn't have distinct badges on it, then your license plate number is no longer a definitive match to your vehicle and you can question automatic tickets and toll on that basis. It might not work out quite as well if you drive, for exampl

Re:

[AmiMoJo]

Licence plates have never been definitive. They have been cloned since they were introduced.

Re:

[Ed Tice]

If you put a fake physical plate on your car, you will be a very simple case for law enforcement to solve. I believe the exploit here is that you have your digital license plate show your correct number *most* of the time and then you change it *temporarily* while running a red light or going through a toll both and then you change it back. You will only get caught if the police witness the change.

Re:

[vbdasc]

"Just stop all guys in [make/model] using these new thingies and perhaps you will catch the culprit".

Re:

[Darinbob]

Also this hacking is physical - attach a cable and reprogram. Enough effort that it's simpler to just buy a fake metal plate.

The real story is not that these plates can be hacked, or replaced with different plates, but that the security on them is laughably terrible.

IF you put it into a digital system...

[zurkeyon]

EXPECT IT TO BE HACKED. Grandma always told me as I was growing up... "You may be smart, but there is ALWAYS somebody smarter." and she was right... Just like its foolish to make an "Unsinkable ship" its foolish to think you've created an "Un-hackable system" ;-)

How can you tell a legit

[ableal]

Can you, or a passing policeman, tell a legitimate digital license plate from something someone whipped up or bought from AliExpress?

I mean, why bother jailbreaking those if you can just use a substitute?

Changeable license plate

[rossdee]

I seem to recall there was an Aston Martin back in the 60's that had that feature.

It had a few other features too - machine guns, ejector seat...

Where to start....

[dskoll]

There are so many WTFs in this story it's hard to know where to start...

o What problem were digital license plates designed to solve?

o Who in their right mind would pay $29/month for a frickin' license plate??

o Who in authority never even once wondered "Hmm... are license plates that can change what they display really a good idea?"

Given the track record of politicians, I expect many stories over the next few years about people whose lives were made a Kafkaesque misery by aggressive DMVs going after them for tolls they don't owe. What a steaming pile...

Re:

[Ed Tice]

These license plates let you display messages to the driver behind you. I've often thought of making such a contraption. It would let me make the world a better place by coaching other drivers so that they could level up their game. I largely decided against it because (a) it would be a project where the fun would wear off before I completed and (b) some drivers might not appreciate me offering them free advice on how to improve their roadway behavior and react angrily. You would think that somebody who

Re:

[evil_aaronm]

Why not just get one of those scrolling LED signs and put that in your back window? It wouldn't cost you $30 / mo, and you could put whatever message or effects you could program into it.

Re:

[Ed Tice]

If I were actually going to do this, I would not use an item with a monthly subscription cost. The scrolling LED isn't the hard part of the project. If I just wanted a generic message "Baby on board" or something I could just get a sticker. The project part would be the ability to update it on-the-fly while driving so that I could give specific advice to other drivers. That would probably mean it needs to be updatable via Bluetooth and I'd have to build an app that works with CarPlay so that I can just

Re: Where to start....

[larwe]

I literally worked on that exact thing as a contract job. Small keyboard (I used surplus Palm Pilot keyboards) and a small LED matrix. I told the guy it was a terrible idea to give kids in the car the ability to display arbitrary text to the car behind, but hey, I just got paid to design it and build prototypes, not to deal with the aftermath :)

Bitte Folgen - Polizei

[stooo]

There's one display like this in germany which works wonders.
It says "Bitte Folgen - Polizei"
As soon as people see it, they drive reallllly by the book (but then it's too late)

Re:

[dskoll]

A device that displays messages to drivers behind you is all well and good, but it need not also be the license plate. It can be a separate display that has no official meaning.

Re:

[Ed Tice]

Yes, but the license plate occupies the largest and most visible portion of the rear of your vehicle. Unless you have a truck with a tailgate, other locations are suboptimal. However, I sure wouldn't pay a subscription fee for a digital license plate even if it had such a feature.

Re:

[gweihir]

There are a ton of idiots that collaborated here to make this happen. And then one security researcher that had a few hours of time to play with the result.

The REAL crime ...

[UnknownSoldier]

The real crime is Reviver's $29.99 monthly subscription fee.

$29.99 * $12 = $359.88/year for digital vanity plates??

SaaS has gone too far but people never learn.

Yes... "Their chips"

[paul_engr]

These morons clearly are also STMicro and manufacture microcontrollers, too...

29.99

[kqc7011]

When does TEMU offer a one time $9.99 digital plate?

Hack?

[ThurstonMoore]

I can hack a license plate with MS Paint and a printer.

Re:

[gweihir]

Not real-time while driving, you cannot.

BWA-HA-HA-HA!

[Gilmoure]

"Our sticker is the height of security!"

Re:

[gweihir]

Yep. Probably they will make it illegal next to remove or damage them as a "fix". There people are soooooo incredibly stupid.

And nobody with a clue is surprised

[gweihir]

It is always people with no clue that make these decisions, and they never understand that there are others that are massively more capable than they are.

Why were they ever PRESSED INTO METAL?

[Kevoco]

Seriously, what's the point of a tag (any tag) that can change?

Dumb idea from the start

[Murdoch5]

Developing secure systems is hard, really hard. I've done secure system engineering, ranging from embedded widgets the size of a USB key, through to large scale distributed systems. There are several key aspects that have to be in place from the start: (these are not in order)

1. Encryption: You need to cryptographically validate everything, from the boot, through the operation. If an action happens, it needs to request a key, or a signature, and have a different enclave validate that system, and pre