Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Digital Privacy Transportation

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets (wired.com) 29

Longtime Slashdot reader sinij shares a report from Wired with the caption: "This story will be an on-going payday for traffic ticket lawyers. I am ordering one now." From the report: Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls -- or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to "jailbreak" digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image. That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. "You can put whatever you want on the screen, which users are not supposed to be able to do," says Rodriguez. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle -- whose driver would then receive the malicious user's tickets and toll bills. "If you can change the license plate number whenever you want, you can cause some real problems," Rodriguez says. All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features without paying Reviver's $29.99 monthly subscription fee. Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level -- in Reviver's chips themselves -- Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning -- a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. "It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it," he says.

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets

Comments Filter:
  • by Anonymous Coward on Wednesday December 18, 2024 @08:04PM (#65023849)
    What's wrong with the old metal plates?
    • What's wrong with the old metal plates?

      Low profit margins.

      A metal plate costs $20 one time.

      The digital plate costs $29.99 per month. That's $3600 over ten years.

      My car is worth less than that.

      • Shit should be canned.

        Never mind the cost of illuminating the damn things (NOW WITH NEW ELECTRICAL REQUIREMENTS!), or the additional risk of it breaking and getting a ticket because your plate wasn't displaying it's registration. (Or worse, some cop claiming your own car is stolen because the plate wasn't working...) A metal plate has none of these issues.

        But some grifter wasn't making enough money so add some electronics to it and charge a new monthly fee. America home of grift, land of the broke.
  • The logo used in the summary is that of a company called Digital Equipment Corporation [wikipedia.org] (DEC). This article has nothing to do with DEC, and the use of that logo is improper and off-topic.
  • It's hard to feel sorry for the people who will be charged with offences they didn't commit. Anybody who pays more money for something which is much more likely to fail in some fashion, just for the sake of vanity or coolness or shits 'n' giggles, deserves what they get.

    Also, I wonder if people who "learn to code" as part of mandatory school curricula will be savvy enough to avoid products like this. Somehow, I think most of them WON'T be smart enough. So we're gonna be stuck with this crap going forward, b

    • by Ogive17 ( 691899 )
      I don't think you understand. Someone with a digital plate can hack it, change it so it matches your license plate number, then go on a poor driving spree. They don't get charged but you end up with a bunch of fines/tickets.
      • Or blow through toll booths and rack up fees in your name. Then you're on the hook to prove it wasn't you (good luck).
        • by Moryath ( 553296 )

          Probably relatively trivial to prove unless their vehicle is a match to your make, model, coloration, and also that they hit tollbooths near your home location. The tollbooths are required by law to send a photo of the offending vehicle with the fee/bill/citation.

          The problem is going to be shitty jurisdictions like Texas that require you to come in person to challenge the ticket, rather than sending an electronic response with pertinent information such as "That's a red 1990 Chevy Silverado with a trump s

          • Except the companies operating the tolls do not care and ignore complains and add late fees even when faced with clear evidence.

            https://abc7news.com/bayarea-f... [abc7news.com]

          • Exactly this. For California at least, you wouldn't need the make/model/color etc of your car. The digital plates display differently than any metal plate. Just having the same letters and numbers won't replicated the rest of the plate's design. A look at a photo would show it as a digital plate. I guess it could have been hacked to show another digital plate rather than a metal one.

            The plates have BTLE and LTE. While the visual display might be hacked, what about it's RF identification? That would
    • by SirSlud ( 67381 )

      Remember - only you're smart enough. Everyone else always gets what they deserve. In the future, history will be written like, "Aw man, I wish we had more smart people like jenningsthecat around! So smart!"

    • what the hell were DMVs thinking that they allowed these plates to be used without having first had the devices vetted by somebody who specializes in security?

      $

    • Also, what the hell were DMVs thinking

      Boss demanded more profits, and if I don't give him those profits by pushing our new subscription service he'll find someone (or some BOT) that will. Society can get fucked.

      Do these folks consume so little news that they're unaware of the almost daily stories of

      You're asking that after multiple stories of idiots across the country thinking Biden was still the Democratic nominee on Election Day? Or the multiple stories of idiots across the country voting for Trump thinking he wasn't going to do what he said he would?

  • by GameboyRMH ( 1153867 ) <<moc.liamg> <ta> <hmryobemag>> on Wednesday December 18, 2024 @08:38PM (#65023917) Journal

    $500 could buy a lot of fake physical license plates. Or probably even quite a few sets of license-plate-sized e-ink displays that don't need jailbreaking.

    • by Moryath ( 553296 )
      Why do they even need to go that far? Half the cars on the road where I live are using fake paper "dealership plates."
    • Re: (Score:2, Insightful)

      by sinij ( 911942 )
      Fake plates are obviously illegal and if you are caught with one there are substantial penalties. Digital plates are legal in some places, and by being easily to hack the owner of one has plausible deniability. That is, if you drive generic-looking silver sedan or SUV that doesn't have distinct badges on it, then your license plate number is no longer a definitive match to your vehicle and you can question automatic tickets and toll on that basis. It might not work out quite as well if you drive, for exampl
      • by AmiMoJo ( 196126 )

        Licence plates have never been definitive. They have been cloned since they were introduced.

    • If you put a fake physical plate on your car, you will be a very simple case for law enforcement to solve. I believe the exploit here is that you have your digital license plate show your correct number *most* of the time and then you change it *temporarily* while running a red light or going through a toll both and then you change it back. You will only get caught if the police witness the change.
  • EXPECT IT TO BE HACKED. Grandma always told me as I was growing up... "You may be smart, but there is ALWAYS somebody smarter." and she was right... Just like its foolish to make an "Unsinkable ship" its foolish to think you've created an "Un-hackable system" ;-)
  • Can you, or a passing policeman, tell a legitimate digital license plate from something someone whipped up or bought from AliExpress?

    I mean, why bother jailbreaking those if you can just use a substitute?

  • by rossdee ( 243626 ) on Wednesday December 18, 2024 @09:12PM (#65023973)

    I seem to recall there was an Aston Martin back in the 60's that had that feature.

    It had a few other features too - machine guns, ejector seat...

  • There are so many WTFs in this story it's hard to know where to start...

    o What problem were digital license plates designed to solve?

    o Who in their right mind would pay $29/month for a frickin' license plate??

    o Who in authority never even once wondered "Hmm... are license plates that can change what they display really a good idea?"

    Given the track record of politicians, I expect many stories over the next few years about people whose lives were made a Kafkaesque misery by aggressive DMVs going after

    • These license plates let you display messages to the driver behind you. I've often thought of making such a contraption. It would let me make the world a better place by coaching other drivers so that they could level up their game. I largely decided against it because (a) it would be a project where the fun would wear off before I completed and (b) some drivers might not appreciate me offering them free advice on how to improve their roadway behavior and react angrily. You would think that somebody who
  • The real crime is Reviver's $29.99 monthly subscription fee.

    $29.99 * $12 = $359.88/year for digital vanity plates??

    SaaS has gone too far but people never learn.

If it's worth doing, it's worth doing for money.

Working...