In “of course it got hacked” news, a security researcher has hacked California’s new digital license plates. Only a few months after they were legalized, researcher Sam Curry has noted that he and his friends were able to attain “full super administrative access” to all of the user accounts linked to Reviver, the company responsible for selling California’s modernized plates.
What could they do? Well, track GPS locations of every registered user, manipulate data on user’s plates, and even report vehicles as stolen. Revolver, the company behind the plates, has admitted that they patched the software vulnerabilities that allowed the hack to occur.
Why do we care?
One of the key roles of those doing implementation is advising customers on what to do… and what not to do. Of course, they were hacked… and there’s little to no reason this should have ever been a thing. Just because you can do a thing doesn’t mean you should.
I want providers to listen to this story and ask harder questions of “Should we really do this?” regarding technology. Put this in a digital transformation context. Yes, transform processes into digital ones that make sense. Yet be deliberate to not convert one for the sake of converting it.
What problem was a digital plate solving that wasn’t solved with a metal one that’s unhackable, combined with other technologies? Someone should have asked that.