{"id":9834,"date":"2024-12-19T12:43:54","date_gmt":"2024-12-19T19:43:54","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=9834"},"modified":"2024-12-19T12:44:34","modified_gmt":"2024-12-19T19:44:34","slug":"hackers-can-jailbreak-digital-license-plates-to-make-others-pay-their-tolls-and-tickets","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2024\/12\/19\/hackers-can-jailbreak-digital-license-plates-to-make-others-pay-their-tolls-and-tickets\/","title":{"rendered":"Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets"},"content":{"rendered":"\n<p>This is one of the things they&#8217;re testing in California, and I&#8217;d imagine they&#8217;d like to link this to your OBD2 port on your car, farming the data with GPS. And they&#8217;ve floated the idea for years about charging you per mile driven to make up for fuel tax losses for electric cars and today&#8217;s more efficient vehicles. Newer cars are already collecting that data unless you opt out, though it&#8217;s not formally being given to the government quite yet. But they keep regulating more and more big brother safety features into new vehicles, and this could work for older vehicles. And of course, security isn&#8217;t that well thought out.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>California&#8217;s roads just got a little smarter with the passage of a bill that <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2022-10-13\/california-allows-digital-license-plates-with-1-100-price-tag\">paves the way for the sale of digital license plates across the state<\/a>. The technology allows for emergency messaging like marking the car stolen or indicating an Amber Alert, and can be personalized through an app with touts like &#8220;Go Warriors&#8221; or &#8220;Go Lakers&#8221; to cheer on the local sports teams. 
The pesky task of car registration also will become easier with DMV auto-renewals, eliminating the need for registration cards and stickers. California-based startup Reviver is the only company offering digital license plates right now, and they&#8217;re expensive, costing up to $1,100 for four years for a hard-wired version. (The cost for a traditional license plate, registration card and sticker totals $69, according to the state&#8217;s DMV.) A battery-powered version is available for a subscription of about $20 per month, or $215 a year, for four years.<\/p>\n\n\n\n<p><a href=\"https:\/\/tech.slashdot.org\/story\/22\/10\/13\/2047242\/california-legalizes-digital-license-plates-with-1100-price-tag\"><em>https:\/\/tech.slashdot.org\/story\/22\/10\/13\/2047242\/california-legalizes-digital-license-plates-with-1100-price-tag<\/em><\/a><\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.wired.com\/story\/digital-license-plate-jailbreak-hack\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.wired.com\/story\/digital-license-plate-jailbreak-hack\/<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_87532a2b-ed41-4d31-8c7c-8938d759f2d4\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<h5 class=\"wp-block-heading\">Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.<\/h5>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/675b5896ae716c42d416ebf4\/master\/w_2560%2Cc_limit\/security_liscense_gettyimages.jpg\" alt=\"License Plate Transportation Vehicle Number Symbol and 
Text\"\/><\/figure>\n\n\n\n<p>Digital license plates, already <a href=\"https:\/\/www.wired.com\/story\/digital-license-plates\/\">legal to buy in a growing number of states<\/a> and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car&#8217;s license plate number at will to avoid traffic tickets and tolls\u2014or even pin them on someone else.<\/p>\n\n\n\n<p>Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to \u201cjailbreak\u201d digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he&#8217;s able to rewrite a Reviver plate&#8217;s firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image.<\/p>\n\n\n\n<p>That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to <a href=\"https:\/\/www.wired.com\/story\/ai-license-plate-readers-cheaper-drive-carefully\/\">automatic license plate readers<\/a> that police use to track criminal suspects. \u201cYou can put whatever you want on the screen, which users are not supposed to be able to do,\u201d says Rodriguez. 
\u201cImagine you are going through a speed camera or if you are a criminal and you don&#8217;t want to get caught.&#8221;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/67602acd4586723d26df2ccb\/master\/w_1600%2Cc_limit\/plate_hacked.jpg\" alt=\"Image may contain Electronics Screen Computer Hardware Hardware Monitor Text Symbol White Board and QR Code\"\/><\/figure>\n\n\n\n<p>Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle\u2014whose driver would then receive the malicious user&#8217;s tickets and toll bills. \u201cIf you can change the license plate number whenever you want, you can cause some real problems,\u201d Rodriguez says.<\/p>\n\n\n\n<p>All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates&#8217; features without paying Reviver&#8217;s $29.99 monthly subscription fee.<\/p>\n\n\n\n<p>Because the vulnerability that allowed him to rewrite the plates&#8217; firmware exists at the hardware level\u2014in Reviver&#8217;s chips themselves\u2014Rodriguez says there&#8217;s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company&#8217;s license plates are very likely to remain vulnerable despite Rodriguez&#8217;s warning\u2014a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. 
\u201cIt&#8217;s a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it,\u201d he says.<\/p>\n\n\n\n<p>IOActive says it repeatedly tried to contact Reviver about its findings over the past year, going so far as to describe its findings to US CERT, which then also tried to contact Reviver about the problem. Nonetheless, Reviver told WIRED that it only became aware of IOActive&#8217;s jailbreaking research when WIRED reached out to the company last week.<\/p>\n\n\n\n<p>In a statement, the company noted that jailbreaking a digital license plate to avoid tolls, tickets, or other law enforcement surveillance \u201cwould be a criminal act subject to prosecution by law enforcement.\u201d The company adds that \u201cthe jailbreak technique identified by IOActive requires physical access to the vehicle and plate, plate removal, specialized tools, and expertise\u201d and that \u201cthis scenario is highly unlikely to occur in real-world conditions, limiting it to individual bad actors knowingly violating laws and product warranties.\u201d Reviver says it&#8217;s also redesigning its license plates to avoid using chips vulnerable to Rodriguez&#8217;s hacking technique in the future.<\/p>\n\n\n\n<p>While Rodriguez agrees that jailbreaking a Reviver plate would require removing it from a vehicle, he disputes Reviver&#8217;s claim that it would require \u201cspecialized tools\u201d or \u201cexpertise.\u201d To develop his jailbreaking method, he did use a fault-injection technique that required attaching wires to the plates\u2019 internal chip, monitoring its voltage, and \u201cglitching\u201d that voltage at a specific moment to switch off its security features and gain the ability to analyze and rewrite its firmware. 
But once that reverse engineering process was complete, he used its results to develop a jailbreak tool that requires none of that technical complexity.<\/p>\n\n\n\n<p>If that tool were to leak or be sold online\u2014Rodriguez himself says he doesn&#8217;t plan to publish his\u2014he says anyone could use it to jailbreak their own plate in a matter of minutes. \u201cThey just need to connect a cable and install the new firmware, just like if you were jailbreaking your iPhone,\u201d Rodriguez says.<\/p>\n\n\n\n<p>Rodriguez also notes that his hacking technique could be used not just by a driver who wants to jailbreak their own plate, but also by someone targeting an unwitting owner of a plate too. If a hacker\u2014or a parking valet or auto mechanic\u2014could manage to remove a license plate and install their own firmware on it, Rodriguez warns, they could surreptitiously change their license plate number over the internet by programming the plate to connect to a server the hacker controlled.<\/p>\n\n\n\n<p>In addition to the physical access and time necessary to pull off that hack, however, a license plate saboteur would also need to overcome a feature of Reviver&#8217;s plates that sends a notification to the owner when it&#8217;s detached from a vehicle. That would require jamming the plate&#8217;s radio communications while tampering with it, Rodriguez notes, an added wrinkle that makes the attack even less practical, though perhaps not impossible.<\/p>\n\n\n\n<p>Rodriguez isn&#8217;t the first to hack Reviver&#8217;s systems. 
In 2022, security researcher Sam Curry found <a href=\"https:\/\/samcurry.net\/web-hackers-vs-the-auto-industry#5-mass-assignment-on-reviver-allows-an-attacker-to-remotely-track-and-overwrite-the-virtual-license-plates-for-all-reviver-customers-track-and-administrate-reviver-fleets-and-access-modify-and-delete-all-user-information\" rel=\"noreferrer noopener\" target=\"_blank\">vulnerabilities in the company&#8217;s web infrastructure<\/a> that allowed him to make himself an administrator in its backend database, with the ability to track or change license plates at will. Unlike Rodriguez&#8217;s hardware hacking, however, Reviver was able to quickly patch its web-based bugs to prevent Curry&#8217;s technique.<\/p>\n\n\n\n<p>Although Curry&#8217;s web hacking method was far easier to pull off prior to Reviver&#8217;s patch than Rodriguez&#8217;s hardware hacking, he says that Rodriguez&#8217;s method would likely hold real appeal for certain scofflaw drivers, who might want to jailbreak their Reviver plates or simply buy pre-jailbroken plates online. \u201cIf you want to swap your license plate number, James Bond style, then drive at crazy speeds or something, you can change it for a few hours and change it back without even pulling into a parking garage,\u201d says Curry. \u201cThe people who are causing havoc on the road would probably be into this.\u201d<\/p>\n\n\n\n<p>Digital license plates are currently legal to buy and register in California and Arizona (Michigan also <a href=\"https:\/\/www.mlive.com\/news\/2024\/09\/cost-prohibitive-michigan-drivers-rejected-digital-plates.html\" rel=\"noreferrer noopener\" target=\"_blank\">briefly allowed them<\/a>), with many more states considering legalizing them in years to come. 
As that rollout continues, Rodriguez and Curry argue that license plate makers, transit regulators, and law enforcement all need to be aware that any system that relies solely on license plates as an identifier may be susceptible to digital license plate hacking\u2014with potentially chaotic consequences.<\/p>\n\n\n\n<p>\u201cYou should assume people will mess with them,\u201d says Curry. \u201cAnd people need to accept the implications of that.\u201d<\/p>\n\n\n\n<p><em>Updated 12:48 pm EST, December 16, 2024: Clarified Michigan&#8217;s policy on digital license plates.<\/em><\/p>\n\n\n\n<p><em>Updated 11:55 am EST, December 17, 2024: Following publication, Reviver clarified that the vulnerable module in the company&#8217;s plates does not have GPS. We&#8217;ve updated the story to reflect this new information.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is one of the things they&#8217;re testing in California, and I&#8217;d imagine they&#8217;d like to link this to your OBD2 port on your car, farming the data with GPS. 
And they&#8217;ve floated the idea for years about charging you per mile driven to make up for fuel tax losses for electric cars and today&#8217;s more efficient [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-9834","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/9834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=9834"}],"version-history":[{"count":2,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/9834\/revisions"}],"predecessor-version":[{"id":9836,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/9834\/revisions\/9836"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=9834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=9834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=9834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}