A team of security researchers has identified a vulnerability in the app and website of Reviver, a startup offering digital license plates. The team pointed out that the system could be hacked and that it was able to gain full administrative access to all user accounts of all Reviver-registered connected vehicles.

With such access, hackers could reportedly track registered users' GPS locations, manipulate digital license-plate data, report vehicles as stolen, and access dealers who package Reviver’s plates (ex: Mercedes-Benz) by updating default images while the cars still have dealer tags.

The issue has been communicated to Reviver and has been resolved. The company also confirmed that no third party made use of the vulnerability to hack into the system.

Analyst QuickTake: Reviver is a legal seller of digital license plates in California, Arizona, Michigan, and Texas offering the plates on a software-as-a-service (SaaS) basis starting from USD 20 per month. However, such incidents still indicate the disturbing vulnerabilities connected vehicle features have today, especially as the company claimed its cloud system was free from security breaches when it got approval to sell plates in California last October.