If that tool were to leak or be sold online—Rodriguez himself says he doesn’t plan to publish his—he says anyone could use it to jailbreak their own plate in a matter of minutes. “They just need to connect a cable and install the new firmware, just like if you were jailbreaking your iPhone,” Rodriguez says.
Rodriguez also notes that his hacking technique could be used not just by a driver who wants to jailbreak their own plate, but also by someone targeting an unwitting owner of a plate too. If a hacker—or a parking valet or auto mechanic—could manage to remove a license plate and install their own firmware on it, Rodriguez warns, they could surreptitiously track a driver or even change their license plate number over the internet by programming the plate to connect to a server the hacker controlled.
In addition to the physical access and time necessary to pull off that hack, however, a license plate saboteur would also need to overcome a feature of Reviver’s plates that sends a notification to the owner when it’s detached from a vehicle. That would require jamming the plate’s radio communications while tampering with it, Rodriguez notes, an added wrinkle that makes the attack even less practical, though perhaps not impossible.
Rodriguez isn’t the first to hack Reviver’s systems. In 2022, security researcher Sam Curry found vulnerabilities in the company’s web infrastructure that allowed him to make himself an administrator in its backend database, with the ability to track or change license plates at will. Unlike Rodriguez’s hardware hacking, however, Reviver was able to quickly patch its web-based bugs to prevent Curry’s technique.
Although Curry’s web hacking method was far easier to pull off prior to Reviver’s patch than Rodriguez’s hardware hacking, he says that Rodriguez’s method would likely hold real appeal for certain scofflaw drivers, who might want to jailbreak their Reviver plates or simply buy pre-jailbroken plates online. “If you want to swap your license plate number, James Bond style, then drive at crazy speeds or something, you can change it for a few hours and change it back without even pulling into a parking garage,” says Curry. “The people who are causing havoc on the road would probably be into this.”
Digital license plates are currently legal to buy and register in California and Arizona (Michigan also briefly allowed them), with many more states considering legalizing them in years to come. As that rollout continues, Rodriguez and Curry argue that license plate makers, transit regulators, and law enforcement all need to be aware that any system that relies solely on license plates as an identifier may be susceptible to digital license plate hacking—with potentially chaotic consequences.
“You should assume people will mess with them,” says Curry. “And people need to accept the implications of that.”
Updated 12:48 pm EST, December 16, 2024: Clarified Michigan’s policy on digital license plates.