Hackers can modify digital license plates so that others pay their tolls and fines.
Digital license plates sold by Reviver, which are already legal for purchase and use in several states across the country, can be manipulated by their owners to evade traffic regulations or even to bypass law enforcement surveillance.
Digital license plates, which are already legal for purchase in a growing number of states and can be used for driving across the country, offer several advantages over traditional metal plates. One of these is the ability to instantly modify their display, allowing them to show everything from novelty messages to alerts about vehicle theft. However, a security researcher has demonstrated that they are also susceptible to hacks that can facilitate illegal activities, such as changing the car's license plate number to evade traffic fines and tolls, or even framing other drivers.
Josep Rodriguez, a researcher at the security firm IOActive, has shared a method to "jailbreak" digital plates marketed by Reviver, the leading supplier in the U.S., with about 65,000 plates sold. By removing a sticker on the back of the plate and inserting a wire into its internal connectors, he can rewrite the plate's firmware in a matter of minutes. With this new firmware, the plate can receive commands via Bluetooth from a mobile application, allowing its display to be changed instantly to show any character or image.
Rodriguez warns that this vulnerability could be exploited by drivers to bypass systems that rely on license plate numbers for regulation or monitoring, such as tolls, speeding tickets, and automatic license plate readers used by police to track criminal suspects. “You can display whatever you want on the screen, which users shouldn’t be able to do,” explains Rodriguez, illustrating the potential for criminal use.
Furthermore, a modified license plate number can appear as that of another vehicle, meaning that the true owner of that plate could receive fines and fees from the offender. “If you can change the license plate number at will, you can really cause problems,” Rodriguez adds.
Aside from the legal implications, jailbreaking would also allow drivers to access features of the plates, such as integrated GPS tracking, without having to pay the $29.99 monthly subscription fee charged by Reviver. Because the vulnerability that allows the firmware to be rewritten exists at the hardware level in Reviver's chips, Rodriguez asserts that the company won’t be able to fix this issue with just a software update; it would need to replace the chips in every plate. This suggests that Reviver's plates could remain vulnerable despite Rodriguez's warnings, something that transportation policymakers and law enforcement should consider as digital plates are implemented across the country.
IOActive attempted to communicate its findings to Reviver over the past year and presented its research to the U.S. CERT, which also tried to contact the company. However, Reviver stated that it only learned about the jailbreak research when asked about it. In a statement, the company emphasized that jailbreaking a digital plate to evade fines or surveillance would be a criminal act. It claimed that this process requires physical access to the vehicle and plate, as well as specialized tools and expertise, and is unlikely to occur under real conditions.
Although Rodriguez acknowledges that the plate must be removed from the vehicle to perform the jailbreak, he disagrees that specialized tools or expertise are required. His technique, while initially complex, can be simplified once reverse-engineered. If a jailbreak tool were leaked or sold online, anyone could easily tamper with their own plate.
Rodriguez also warns that this technique could be used not only by a plate owner but also by hackers who want to interfere with others' plates without their owners being aware, which poses additional risks.
Tampering with someone else's plate is further complicated by the need for physical access to the plate and the time required to execute the hack, in addition to the need to overcome a notification system that alerts the owner when the plate is removed from the vehicle. This means that an attempt to sabotage license plates, while possible, would be complicated.
This is not the first time Reviver’s systems have been breached; last year, another researcher found vulnerabilities in the company's web infrastructure, although these were quickly resolved. While Rodriguez’s hacking method is more complicated than the previous one, its potential for misuse is appealing to certain drivers who wish to temporarily change their license plate numbers.
Digital plates are already legal in California and Arizona, and more states are expected to consider their legalization in the future. As these plates expand, it is crucial for manufacturers, transportation regulators, and law enforcement to be aware that any system relying solely on license plates as identifiers could be susceptible to digital manipulation, potentially leading to confusion and serious issues.
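One way a toll or plate-reader operator can avoid relying on the plate number alone is to check whether consecutive reads of the same plate are physically possible for one vehicle. The sketch below is an added example, not code from IOActive, Reviver or any real plate-reader system; the `Read` record layout, the 200 km/h threshold and the sample reads are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_PLAUSIBLE_KMH = 200.0  # assumed threshold; tune per deployment


@dataclass(frozen=True)
class Read:  # hypothetical plate-reader record
    plate: str
    when: datetime
    lat: float
    lon: float
    camera: str


def km_between(a: Read, b: Read) -> float:
    """Great-circle (haversine) distance between two reads, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def conflicting_reads(reads, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (earlier, later, implied_kmh) for consecutive reads of one
    plate number that a single vehicle could not have produced."""
    last_seen, flagged = {}, []
    for r in sorted(reads, key=lambda x: x.when):
        prev = last_seen.get(r.plate)
        if prev is not None and prev.camera != r.camera:
            hours = (r.when - prev.when).total_seconds() / 3600
            dist = km_between(prev, r)
            kmh = dist / hours if hours > 0 else float("inf")
            if dist > 1.0 and kmh > max_kmh:  # skip adjacent cameras
                flagged.append((prev, r, kmh))
        last_seen[r.plate] = r
    return flagged


# Constructed sample reads (not real data): Los Angeles, then San Francisco.
SAMPLE = [
    Read("7ABC123", datetime(2024, 12, 1, 9, 0), 34.0522, -118.2437, "LA-toll-1"),
    Read("7ABC123", datetime(2024, 12, 1, 9, 20), 37.7749, -122.4194, "SF-bridge-4"),
    Read("8XYZ789", datetime(2024, 12, 1, 9, 0), 34.0522, -118.2437, "LA-toll-1"),
    Read("8XYZ789", datetime(2024, 12, 1, 16, 0), 37.7749, -122.4194, "SF-bridge-4"),
]

if __name__ == "__main__":
    for a, b, kmh in conflicting_reads(SAMPLE):
        print(f"{a.plate}: {a.camera} -> {b.camera} implies {kmh:.0f} km/h")
```

A flagged pair means the same number was displayed by two vehicles, or by one plate showing a number that is not its own; it does not say which read is the legitimate one, so it is a trigger for review rather than a basis for billing.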