Security researcher Sam Curry and colleagues identified a vulnerability in the app and website of Reviver, a company that sells digital license plates in California, Arizona, and Michigan.
Taking advantage of the vulnerability, Curry gained "full super administrative access" to "all user accounts and for all Reviver connected vehicles."
With such access, the researchers could track registered users' GPS locations, manipulate RPlate data, and report vehicles as stolen.
Said Curry, "An actual attacker could remotely update, track, or delete anyone's Reviver plate. We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package Reviver plates) and update the default image used by the dealer when the newly purchased vehicle still had dealer tags."
View Full Article
Abstracts Copyright © 2023 SmithBucklin, Washington, DC, USA
No entries found