Reviver has said that its goal is to “modernize” the experience of driving, and the method it plans to accomplish this goal is by producing the world’s only digital license plate as well as a linked car platform.
However, security experts who have been investigating how secure “modernization” really is have discovered a means to create substantial loopholes in this architecture. Some of the flaws that were uncovered demonstrate that malevolent third parties are able to monitor the GPS position of the owners of digital license plates.
In October 2017, Reviver became the first firm to provide digital license plates, and they continue to be the only ones offered for sale in the state of California. They are being advertised as legal for use across the United Places, while simultaneously becoming legal to purchase in an increasing number of states around the country.
Hackers are able to access the “super user” admin method of any user’s device, and from there they can effectively take remote control of the device. This information was shared by researcher Sam Curry in a blog post, and it will be of interest to those who already own such plates or plan to purchase them in the future.
A hacker may use Reviver plates to follow their whereabouts via GPS, as well as edit or erase the information on the plates themselves. And if the attacker wanted to have even more “fun” with the users of the digital plates, they might access the organizational account even if it was just to change the personalized messages that were displayed just at the bottom to read whatever they wanted, according to the reports. This would allow them to read whatever they wanted.
Drivers who prefer to use digital license plates, on the other hand, have the option of paying between $20 and $25 each month (battery or wired power, respectively). Yet why would anybody act in such a way? The marketing surrounding Reviver appears to center on “trinkets” for the customer experience, such as the capability to showcase those personalized messages, which are not available with “old school” plates. However, there are also some features that have the potential to be more useful, like an app that would detect motion when a vehicle is presumed to be parked.
In such a scenario, the term “stolen” would be shown on the plate.
Reviver’s remark, which was published by Motherboard, indicates that this specific vulnerability has been fixed. This information comes at a time when some rather major vulnerabilities have been brought to light, such as complete access to GPS data. And the business gave everyone the assurance there was no proof that it has been exploited in any way.
There are even more assurances: Reviver said that it has “taken further procedures to avoid this from happening in the future.”