Security News > 2023 > January > How to track equipped cars via exploitable e-ink platemaker
California's street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram them or even delete them at a whim.
In a blog post by security researcher Sam Curry, he describes a project targeting digital license plate maker Reviver put together with some friends, among several other automotive security experiments.
The system of Reviver, maker of the only commercially available digital license plate on the market and the company behind the push for E Ink plate legalization in California, caught Curry and his friends' attention because it included internal tracking tools for its plates.
"Since the license plate could be used to track vehicles, we were super interested in Reviver and began auditing the mobile app," Curry said.
Reviver plates began showing up on California roads in 2017 as part of a pilot program.
The plate could be changed to read STOLEN. After a bit more digging and creation of a new Reviver account, Curry and friends found that their account was assigned a unique "Company" JSON object that allowed them to add sub-users to their account.