by Patrick Wood, Activist Post:
California digital plates are 100% trackable via GPS and 2-way communication. Steal a car? The plate will display STOLEN and every inch of your travels will be recorded. Now researchers discover that the whole system is hackable, meaning that a breach could turn California roadways into utter chaos. — Technocracy News & Trends Editor Patrick Wood
By: Alana Mastrangelo via Breitbart
Security researchers were able to gain “super administrative access” to Reviver, the sole provider of California’s digital license plates, and track the GPS location of all of vehicles they are associated with.
TRUTH LIVES on at https://sgtreport.tv/
A team of security researchers successfully obtained “full super administrative access,” which allowed them to perform a slew of tasks involving the company’s user accounts and vehicles, according to a blog post by researcher Sam Curry.
After gaining access, a hacker could track the physical GPS location of all license plates of Reviver customers, as well as change the slogan or personalized message at the bottom of the plates to arbitrary text.
The personalized messages on the license plates involves a feature that allows customers to digitally update the bottom section of their plates to display different messages, such as, “Go Team!” or “looking for a trail.”
Additionally, a hacker could update any vehicle status to “STOLEN,” which would alert authorities.
“An actual attacker could remotely update, track, or delete anyone’s REVIVER plate,” Curry wrote in his blog post, revealing that he and his team had found security vulnerabilities across the automotive industry, not just with Reviver.
A hacker could also access all user records, including what vehicles people owned, their physical address, phone number, and email address, as well as access the fleet management functionality for any company, locate, and manage all vehicles in a fleet, Curry noted.
“We could take any of the normal API calls (viewing vehicle location, updating vehicle plates, adding new users to accounts) and perform the action using our super administrator account with full authorization,” Curry explained.
“We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package REVIVER plates) and update the default image used by the dealer when the newly purchased vehicle still had DEALER tags,” he added.Reviver responded to the revelations, telling Vice’s Motherboard that it has since patched the issues discovered by the researchers.