@Adirondack Homestead you think the gas tax that has not changed since the 70s (pretty sure, from memory) is enough to maintain roads? All tax payers, driving or not, subsidize roads and when companies like Amazon that ships more than anyone does not pay taxes, the burden on the indiviual tax payer increases even more.
@Adirondack Homestead or they can charge the real causes of the damage to the roads. The trucking industry accounts for 80 to 90 per-cent of road damage. Yet they only pay around 30% of road taxes.
ANY car made in the past 3 years is already GPS'd and digitally connected to the "home office". Working for one of the auto companies, I can tell you we knew how hard you put on the break, did you use a blinker during a turn, how fast were you going, etc. We knew EVERYTHING. We knew WHERE you were, where you went, how fast you went there, how you drove, and more. LEO and Insurance have been talking to all these companies to gain access to this data for "insurance and accident purposes". Yea, no. It's about "Hey, our data shows that at 8:32PM on this date, your vehicle exceeded the speed limit by 5mph, here is your ticket for exceeding the speed limit. Please pay by this date".
I work in the IT field. I have an Associates in Network Administration. This seems like a complete and total absolute nightmare. Let's take all the security issues and vulnerabilities that the "Internet of Things" has and apply it to a mandated form of vehicular identification. That'll go about as smoothly as riding 40 grit sandpaper down Devil's Slide in Utah
Exactly. This vulnerability was found by someone apparently benevolent - but I guarantee that there are and will be other vulnerabilities, and the next ones may not be found by people with good intentions.
"Associates in Network Administration" You are a hack... The issue was that they were able to elevate an account using the mobile app account NOTHING to do with the actual plates. You really need to return that certificate, or go back to school.
BS in cybersecurity guy here and I couldn't have put it better, love your analogy. Don't know if you've heard this one before but the infosec joke a prof told me in college about IoT is that the S in the acronym stands for security.
Buried somewhere deep in the EULA for that plate is probably a statement that says all data collected belongs to the plate manufacturer and can be sold off at their sole descression. Insurance companies would love to get their hands on this level of data to start sending out rate increases to anybody they can determine is a higher risk than initially quoted.
Your insurance company doesn't need the license plate company, most cars already have a cellular data connection, but also you carry your phone everywhere, and they can just pay for your phone data.
As with most things the actual reason is played down, the entire reason for these plates is to track people’s movements. They add on custom messages and other perks to entice people to want to give away their privacy.
@@chubbysumo2230 It is a lot harder to get personalized cell phone data like that, then you still can't be sure if the phone belongs to the driver or passenger. A device that is stuck directly to a vehicle doesn't have that data ambiguity.
I love that the company's statement was basically _"We fixed a problem that we created due to our negligence once it was pointed out to us. We're so proud of ourselves!"_ XD
Government does that all the time and get big promotions and bonuses too at the cost of the sheeple that got screwed and now paid for the promotions and bonuses.
How do you know these are designed for people who don't really make wide decisions? This company wants us to believe that this statement just made hackers decide to never try again.
I hope the hackers get back to work exposing the next set of vulnerabilities. The fanboys with the Teslas will still want their E-plate. More money than brains crowd loves these plates.
Officer: "Your plate doesn't seem to be registered to your car." Driver: " Hang on a sec. Let me change the batteries, upload the software update, and reboot."
True story. When the original Star Trek TV show was being made, they needed a salt shaker for a scene. The art department tried to design a salt shaker that looked like it belonged on a spaceship, but everything they came up with looked stupid. So, they ended up using a salt shaker from the studio cafeteria. The point is that some things are so simple and perfectly designed, that you can't improve on them. I think a license plate falls into this category. The episode was called "The Man Trap", BTW.
They were hacked a bit faster than I thought. Saw that coming when it was announced - definitely solving a problem that doesn't exist. Imagine all the fun you could have with avoiding toll collections, red light cameras, etc. plus the bonus of stealing personal information, GPS info, etc. that could be used for other reasons.
Where are all the fake experts that said letting people fix their cars will let people be tracked to try and defeat the right to repair bill in Massachusetts? Here the state is installing the trackers. Just like the manufacturers are installing tic toc after testifying you can't let people fix phones or they will install it. I'm not shocked, government and security are opposites. Don't forget when clinton leaked the nuke launch codes. 00000000 and BOOM pretty mushrooms.
I bet you'll be able to buy toll defeaters on Amazonn in a couple months that hack the digital license plate for you. Kinda like those boxes that would unlock TV channels at your home back in the day. I would honestly buy one of those cause toll roads shouldn't be allowed anywhere. Open access to roads should be paid for with tax payer money as it's clear the massive economic benefit increase mobility has created since the dawn of the vehicle. Their inventions have more than paid for themselves due to how much richer vehicles has made us.
@@WitchMedusa Tolls make sense for maintenance of certain bridges. The funny thing is that there are some around me that have tolls that they specifically stated that the tolls would go away after some odd years since they knew how many people cross them each day. This was to recoup the loss. Funny thing is that those tolls are still there and it is because they now expect that money. The second a politician or government person starts breathing then you know they are lying.
As I said before and I'll say again, some things just don't need to be converted to digital, and some systems shouldn't be connected to the internet as doing either or both only opens the door to be exploited. They just never learn.
It's all about attack utility, with systems like this the payoff for a successful attack is HUGE, even if the attack itself is hard to do if it can be done it pays off, while dumb analog systems can be a lot easier to attack they can't be attacked at scale. It's the same problem with voting, the traditional ballot system has it's flaws but it's impossible for one guy in a basement to hack the entire election count system while an electronic system HAS this possibility.
@madmax206922: One statement a professor of communications related to tv productions special effects that also relates to things on the internet said “just because you can doesn’t mean you should.
The insidious part is, the government wants to track your every movement, and they want you to pay for it! Be cool and get a digital plate for some ridiculous price! If you just happen to be someone famous, or someone important, nefarious people may want to know your whereabouts. And today, who knows what may happen that could put you in the spotlight? Speak out at a PTA meeting lately? Witness a crime? Maybe you didn’t think anyone cared about your daily movements because you’re a nobody, but today that can change in an instant.
The desire for states to move to digital plates is the ability to track at all times since the plate belongs to the state. Just a way for big brother to keep track of you.
yeah, I find the privacy issue very offending. tracking me at any time? or keeping a database of all times more like it. i know these smart plates are just going to be a nightmare
@@Powerforged correct but for the government to get that info most of the time they would need a warrant. Digital plates are issued by local government and they would, in theory, not need to jump through any legal hoops to obtain your driving and location data.
Don't trust anyone with your information. Because you are the only one who truly cares about your information. Everyone else will just pay for a service and walk away, even if they screwed your life up in the process.
Your information is often out there whether you like it or not. That’s not a problem generally. The problem is the sea of idiots out there with access that assume it’s true when a host of things can screw it up and, even if it were always valid and reliable, assume it means things it doesn’t actually mean.
@@BeingMe23 yes, they can be tracked… but locations can be spoofed and gps and accelerometers are only so accurate, etc. It’s silly to use a phone’s alleged position to associate the owner with a crime, give them an alibi, infer they’re a good driver or reckless driver, and almost anything else that people want to assume or infer. Just the other day didn’t Steve have a video about a bogus warrant and some old lady getting raided because of a phone that was stolen with a bunch of guns? The best, most reliable data doesn’t fix stupid and it doesn’t fix evil and most people are some combination thereof.
Oh I personally know that all the info is out there. A lot because people freely give it out. But a good share of it is because of so many breaches of information in the past.
"Do we really need a more advanced license plate than a chunk of metal?" This is exactly how i feel about those digital remote RFID keyfob things.... if it was an option i'd pay extra for a simple metal key.
Things are starting to come together. These new plates share your GPS location, and the new spending bill included a law to mandate wireless kill switches on vehicles. Vehicles are already 70... 80... 100k. All these new electronics just keep pushing the prices higher with no benefit to the average owner. I think I'll keep tossing money into my 2005 Tahoe with around 225k miles. It seems to be a more private, cheaper option.
As someone who has worked for banks in the past, I believe them when they say used the same security as banks. The lack of security and potential risks I saw on a daily basis from banks made me always answer the question of which bank should I use with none of them. You're safer burying you money in a glass jar in the backyard.
As somebody who has worked in IT his entire career I hear stories like this and just shake my head. No system is hack-proof...there's always somebody smarter than you out there and if the right person/entity wants into your system, they'll find a way. So, the less unnecessary "connected" technology you use, the fewer chances hackers have to ruin your life
I worked digital electronics twenty years in the Marines, I want nothing digital that doesn't have to be. Most people don't realize just how easy it is to hack.
@@agalerex also, if they could have a left-handed monkey wrench that was digital. I know people who buy anything as long as they think it’s the old cutting edge like the sharper image used to have on its front page whether it worked or not, it doesn’t make a difference. People will buy anything. I thought your answer was great thank you. Have a good day.
Search warrant to get records indicating where the car was/is without the driver’s knowledge is a new twist to tracking cars. You could also search for vehicles on every road that they appear to be speeding to issue tickets.
I can't imagine buying one of these plates knowing that anyone who gets an employee login can change the plates and track everywhere you've been since you got it. I worked at a place that did it right. It boggles my mind that *anyone* in LastPass had access to the production database in unencrypted form, let alone some random license plate provider.
That's why God created monitoring systems that let you track every single action an employee takes, including which specific screens they even look at. precisely to prevent the kind of thing you're describing. Unfortunately, hardly any managers anywhere think these systems are worth implementing. I worked for one of the largest counties in the US, with primary responsibility for internal access the the county's Enterprise Resource Planning system. My Director refused to let me implement those monitoring systems, even though they were included in the $26 million that we already paid for the system. And when I manually discovered and documented the fact that various department heads were accessing the personal information, including confidential health records, of people who didn't even work in their departments, the Director threatened to fire me if I didn't drop the matter. (I took it to the County Manager, gave them full documentation, and quit.) I'm glad to hear that the place where you worked did it right. That gives me some hope.
@@ednafronkelbarger8601 You don't need to be draconian about it. You just need proper security controls. Why were the confidential health records not encrypted with a key for which access is audited? *That* is the right answer. Don't say "we need to install a video camera in the car and home of every employee to figure out who is coming into our building after hours to steal stuff." You say "Let's restrict what the keys we give employees will open." The place I worked was Google, FWIW, which is why it's the only one of the big companies I trust with vaguely personal information. It was really annoying, because I couldn't even find out how many customers were using the system I wrote without going thru various levels of approval to count the number of customer records. I had to write a program, get it approved via code review, commit it, compile it in the cloud compiler so the executable got signed by the right keys, deploy it, let it run, then try to read the logging output. (It got easier when they started using Spanner internally. Then you could write SQL, get it approved, check it in, wait for the servers to run it, and then see what the result was.) All the fields of data everywhere in storage needed to be marked with one of a dozen or so markings saying what kind of data it was and how much privacy it needed. Is this just a number, or an ID, or an ID that refers to a specific user? And if you tried to log the wrong kind of data in a place that wasn't protected by the right kind of login, the check-in tests would fail you. It was actually pretty impressive. The difference is that Google knows there are lots of people supplying very similar products, so users would flee if it turned out they leaked as much data as facebook or equifax. But Amazon knows they'd lose a bunch of money (stuff being bought and not paid for) and Google knows people would switch to other services, so they take care to make sure it's secure. Companies that don't lose anything when they screw up? Yeah, they don't care. Nobody working where you were would be personally losing money if someone found out directors were looking at health records.
@@darrennew8211 "You don't need to be draconian about it. You just need proper security controls. Why were the confidential health records not encrypted with a key for which access is audited? That is the right answer." No, that's the wrong answer. Encryption has nothing to do with anything in this case. If you have the authorizations, you're going to have access the data, whether it's stored in encrypted form, or written on used cupcake wrappers and stored in an orange crate. Every world class ERP system DOES have authorization objects attached to transactions and to programs (not the same thing, as I'm sure you know), and to organizational objects such as Division, Department, Business Area, Cost Center, etc. And, of course, to General ledger accounts for revenue, expense, assets, liabilities, etc. (It gets way more complex in the public sector). They also have authorization objects assigned to activities, such as Create, Change, Delete, and Display. That's as baseline as it gets. Kindergarten level, so to speak. And of course, there are auth objects for combinations of organizational objects, but those are basically useless, as any system security professional knows. Authorization objects are assigned in security profiles, which in turn are included in security roles, which in turn are assigned to User IDs. At the time the user logs into the system, their security authorizations are loaded into memory, and are checked at every step where authorization objects are required. At the same time, sophisticated ERP systems have derivation rules and substitution rules in which a certain combination of values for objects X,Y, and Z define the value of objects A and B. (These are some of the most dangerous entities, because a user may have authorizations for one side of the derivation or substitution rule, and use them to access elements on the other side for which they have no explicit access. I was dumbfounded when the representatives of most widely used ERP system on the planet told me they had no interest in assigning authorization objects to the output of these rules. Their response included the phrase "You're on your own"). In world class ERP systems, you're not dealing with users with a simplistic set of responsibilities and thus a simplistic set of authorizations, You're dealing with Managers who have authorizations related to General Ledger, Inventory, Purchasing, Accounts Payable, Accounts Receivable, Interdepartmental charges, Budget, Time Management, Payroll and Benefits, ESS and MSS, etc. What that means is that by access to organizational authorizations, which are common across all functionality (you don't have a different cost center for Purchase Orders than you do for Payroll), managers can and do have access to HCM data outside their purview. To call monitoring reports draconian or to equate then to a camera in every employee's home is just plain childish. They're a superb tool for identifying behavior outside the scope of a user's responsibility, and one of the best forms of audit records. Because you're right about one thing. When there's money involved, companies will be ultra strict about SOD, but when it's HCM data, "My people have to be able to do their jobs" trumps attempts to put proper controls in place.
@@ednafronkelbarger8601 The way I've seen it work isn't "managers get to see confidential data." It's "programmers write programs that are audited before release to give the managers the summary data they need without revealing stuff." Like, the CSRs of course need to look at your account. But they only have the keys needed to decrypt your account while they're assigned a bug that you created for that account. If you say "Well, my friend Steve did XYZ" then your friend Steve gets a pop--up on his phone saying "Google customer support wants to look at your account, ok?" And each customer has a separate encryption key. There's absolutely no reason I can think of why a manager would have all the encryption keys to decrypt the records for each and every employee, any more than there's a reason for people working on the hardware to have access to the disk encryption keys to do backups. If for some reason your job requires you to have access to details of every employee's health information at an individual level, then the auditing of you accessing that should be audited securely. You don't need to watch someone's screen and keystrokes. You need to notice they're looking at employee health records with no reason to do so, which is easy to do if each employee's records are encrypted with a different key stored in a system programmed not to release those keys without appropriate authorization. If your security authorizations don't change depending on what you're doing, adding keystroke logging and screen recording isn't going to help much, becasse that's only useful after the fact. If what you're talking about is normal auditing logs for access, well, sure, that's good. But your description made it sound like screen recording and keystroke recording, not "User X accessed User Y's personal records." If I am authorized to access all employees' personal information without any reason for allowing that, your security system needs improvement.
Inch by inch we are being plugged into the digital grid of the JWO for complete control. The clueless does not even notice why the government is handing free cellphones to homeless people with free service. They want everyone in their control grid. Wake up!
Laws constantly change, and usually not to our benefit. It reminds me of when it used to be illegal to search a dna database for familial matches to a dna sample. That now apparently has become routine. The company may not be sharing your information now, but I guarantee that at some point in the future they will.
I knew damn well it could be done. I considered buying one to hack it. The problem is, they are selling them on the basis they cannot be hacked. That's what got me interested in it when they first came out
@@C.Church But wait! There is the theory in Great Britain that it was NOT the Titanic that sank but its sister ship that had been in a COUPLE of collisions and had very expensive insurance. Which is why there was another sister ship nearby ready to pick up passengers but something went horribly wrong. In addition to what horrible wrong thing that was planned.
This is fundamental to bleeding-edge stuff. Companies who make gee-whiz stuff focus on the gee-whiz, because that's how they get their next round of funding or dramatic revenue growth. The engineers will say, "There could be a problem with X, we need to work on this" and marketing says, "Let's assume it will be okay."
Steve the gov. and WEF has to track your carbon foot print. They are already doing it in the UK. Dividing cities into sectors and you will need a hall pass to exit or enter at certain times. Its only a trial run I'm sure it will go over well. lol
That would be shut down so fast by the courts here in the United States, that it’s not even funny. The Us constitution guarantees the right to free travel between the states, it’s written in there as an amendment. They can’t just ban you from going somewhere to reduce emissions here. They can do it in other countries, but not here. That is one of the few constitutional rights we have in this country that hasn’t been attacked all that much yet. The only way you can be banned from going to certain places, is by due process. That typically involves a court ordered restraining order, and there are very specific circumstances that must be met for that to happen, usually felonious circumstances. However, if you have one of those, you have much bigger problems than that.
I don't really care about law...not a lawyer. However, I keep coming back to Steve bc when I hear him put some order to the chaos in our world through law, I feel comforted. With our politics being the way it is and people constant gas lighting and trying to twist reality, Steve makes me feel like I am not the crazy one...Steve's logic make complete sense....
Another problem I foresee with digital plates is that with all the photo-based toll and ticket enforcement now, what's to stop someone from rigging the plate to "accidentally" turn off when needed? I assume they're wired to the car, so it could be trivial to rig up some kind of kill switch.
Years ago I thought of making a spy movie type license plate shield you could toggle switch on and off. That must be a self evident idea though. I CANT have been the only one to think of it. It's just as easy to do as hacking... probably easier. Why isn't that a thing we hear about? I'm not so sure people will bother unless it becomes as simple as tap tap tap DONE.
To their claim to not share information with the law that will change.. They will say we only share when a warrant is issued just like the DNA companies say. That isn't a high bar to reach. There is no reason you should be tracked just by getting into your car. Yes I know are phones are tracked already but this keeping tabs on everyone all the time is a bit much.
The blog you mentioned the digital license plates were only the tip of the iceberg. They actively got access to many of the car companies internal systems
your announcer said an optimist thinks a housefly is looking for a way to get out... that's one of my favorite little tricks, when a housefly is buzzing around, I open the door for a minute and watch them fly right out! I guess my optimism like a psychic power...
In the middle ages and before, people used to chop small sticks in half down the middle and use two pieces fitting together perfectly as a means of confirming identity, account holding and the like. As far as I know, this was never hacked, as wacking a tally stick in half with a blade makes a unique code that cannot be replicated.
Having worked in the tech industry & seen how the sausage is made, I actually trust these companies _more_ about 1-2 years after I hear about their first major breach. New companies never take security all that seriously until it happens to them. When it gets bad enough, they finally hire a security team and put the necessary technologies & practices into place. But that's expensive, so start-up companies usually postpone this work. I don't know if this case counts for that, though. It makes more of an impact when real criminals actually get in. It depends on the company's management.
I'm as tech forward as anyone. Even 45 years ago when I was a kid I was usually the first to have video game consoles, hand held video games & a PC. I was an earlier adopter of VCR, CD, DVD, DVR and even streaming. I even like a lot of the tech that I used for my lights, HVAC and in my car. However, there are just some things that are just better being analog for lack of a better term and your license plate is one of them. I could see if it offered more security like using my phone to pay for things because it's actually more secure than swiping your credit card. However, the real time tracking part of this is really disturbing. Something like that can really put people's safety at risk.
@@TimoRutanen so, I was just watching an episode of the first 48 and a man was found dead in the back of his truck. His mom called him in as a missing person but he wasn’t found for 72 hours. Even after he was found the phone company wouldn’t just give the police tracking or account information without a warrant. There is a HUGE differences between the real time location information that could be gathered from these licenses plates & GPS information that cannot be tracked in real time & that there are barriers in place to keep just anyone from getting it.
With the push for electric cars, when will the manufacturers just start installing these as a part of the car itself? Most electric cars already have the gps tracking and internet connectivity so really it would just be a display tied to the rest to the car’s computer system. An easily replaced battery backup for the plate to display the ID would probably be useful though
Safety is the least of my worries with the location tracking. I'm more concerned with the privacy issues and police access to the system. I can guarantee that suing the police over misuse of the tracking information is going to be a pain in the ass because there's no specific case on point due to the newness of this technology.
In California you can just request the information from the DMV given a plate number. They are notified about the request, but the DMV will still give them your mailing address. You can have a separate physical address, and in CA, I generally recommend doing that whenever possible.
Steve I'm gonna change my digital plates to read "SLEHTO" and blow through all the red light cameras. 😅 Yeah this has so many practical issues I would never sign up for it. I think its also a matter of time before a Chinese company makes clones of these plates on AliExpress than can be programmed with anything. Modern cars like a Tesla already track us all over, the same with any car with OnStar or any satcom roadside service. Not to mention, our Smartphones!
Remember when they tried to do the same thing with luggage tags. Me neither. As a frequent business traveler at the time I thought it was not useful. First off frequent business travelers (whom I assume it was mainly market for) don't check luggage - they do carryon only. But 10 years later we have air tags which do all the same work and more, can be used without buying expensive luggage, and are not as limited. This digital license plate seems to be technology looking for a problem that does not exist. And also is more problem then solution.
I've seen one of these in Michigan, but based on the cost and the tracking possibilities I would never get one. My metal plates have been working just fine!
I recently had my refrigerator go out. It lasted almost 20 years. Every place I went trying to purchase one was wifi smart and $3k. I just want a damn refrigerator not wifi or a TV screen. Had to actually order one because the normal box stores only carry the high tech value crap
Idiots buy "smart" TVs to to let hackers view their family. Why you'd want strangers watching your kids watch TV with the ability to talk to them I cannot fathom. Heck, most people do not disable the sensors on their smartphone 😨
@@hicknopunk Why do people think they are so important that other people want to watch them or their family? People who think this and spread this garbage fearmongering are the real sickos.
@@no-cv4dx I am being sarcastic while talking about a real danger. There is no fear mongering going on, just search online for streams of people's cams like nest or a tv...they are an endless rabbit hole of of YIKES! If you don't think this happens ALL the time...I could never convince you as the danger is invisible to you. Oh don't me started on how many people allow access to the camera on their phone to anything that wants it instead of only allowing camera and messenger. The creeps are out there and are real. 😨 You don't let your internet browsers access your microphone do you?? It is on by default. I did white hat IT for decades before covid when I stopped working. Trust me, most people have many points of digital entry into their home. It is very easy to get a chromecast device to divulge the info so you can sit outside someone's home and control all connected devices and be trusted on them.
@@hicknopunk Microphone access is not enabled by default on browsers. More fear mongering. I'm sure you'll try to play it off again as sarcasm or whatever. "Whitehat" yeah right. yet another faker.
If it has a sim card, it's on the cellular network. Eventually, the carriers will stop using that particular generation. Just like your 2G and 3G phones, its communication features will one day no longer work.
You can bet some company will use tracking information to sell that info to the travel industry so they can send ads to you about the places you often visit. The same for stores you visit.
Digitized plates solve a HUGE problem: It was a goldmine of untapped data mining for a system people HAVE to enter into if they want a car and drive it around town but think they're smart for buying a "dumb car" and turning off their phones near business who are sold your info. Gee that was a big scary problem they had ta solve!
First thing I thought about when reading about the pilot program in No California is that they would be fantastic to hack to make a modern 007 License Plate
This is why I use an diabetic monitor but refuse to use a pump. Pumps can kill you by overdosing, underdosing and have little to no security and can be Bluetooth hacked by a bad actor who wants to hurt people. I make the decisions about when and exactly how much to take, not an unintelligent machine. My last a1c was 5.9!
Looping can help you and Bluetooth can be used securely if the companies involved wanted to. I do get where you’re coming from though. If it helps, the pumps I’ve worked with have a pretty solid basal and max rate function; was horrible for my drug infusion experiments in my lab but should be good for some of your worries IF USED CORRECTLY BY YOU.
The location tracking concerns more than the hacking, especially since it's a government issued item. After all, the government never misuses our information.
All digital plates are manufactured by one company, Reviver. And they are subscription based, with monthly costs of $19.95 for battery-powered and $24.95 for hard-wired. "Professional" installation runs an extra $150. There is no word on whether California still requires you to purchase a steel plate, but since both a front and back plate are require by law, it's likely that you still have to pay for a steel plate for the front. And there's no information on the actual cost of the plate, in addition to the subscription.
Imagine if someone were to make a digital plate scroll text that was their actual license plate number but it only shows one number at a time or is something excessively long like the entire text of a song's lyrics or even better than that it's the entire text of war and peace or a holy book. I can easily understand how this technology is easily abused.
I think the rules governing where and how a license plate is placed are quite strict. I mean some people have been fined for having a towing hook protrude in the way of viewing the plate from certain angles and that's already highly stupid. It might not be a big issue
I already have all the personal tracking and information gathering capability I need, right here in the palm of my hand. Can’t think of a single reason to stick another on my vehicle. Ultimately, I suspect this is step one toward taxing miles driven, with different rates depending upon times of day and locations. Now, couple that with governments wanting authoritarian control (think Canadian trucker protests) and it becomes a nightmare scenario.
Several years ago some states were worried about the decline in gasoline tax revenue due to lower gas prices and more electric vehicles on the roads. I remember hearing that Massachusetts and some other states were pondering the idea of instead of taxing the gasoline, how about we tax the miles people drive. In order for an idea like this to work, the state would have to require you to have a DMV or MVA provided GPS unit attached to your vehicle to track how many miles you drove within the state's boundaries. Privacy advocates came out in opposition because the state would always know where you are and what road you were travelling on at anytime. They also pointed out that if they know what road you're driving on, then they'll know how fast you're driving on that particular road and what the speed limit is at that section of the roadway. So not only would a state be able to tax your mileage, but also send you traffic citations for speeding. Thankfully the technology/infrastructure wasn't in place at the time. Knowing now that these digital license plates can track you using GPS should have us all worried. What if states require all cars to have them? Get ready to get speeding tickets sent in the mail for going 38 MPH in a 35 MPH zone if these digital license plates become mandatory. They won't need traffic cops or speed cameras anymore and they'll know everything about our driving habits, the places we go, the speed we drive. It's scary and I think it's coming.
@@X11CHASE It's not about "who's" driving the car. The registered owner of the car gets the traffic citation if this digital license plate scheme were to be implemented. Just like now if you lend your car to someone and they park it illegally, the registered owner gets the parking ticket. Just like now the registered owner gets the speed camera ticket no matter "who's" driving the car. Also if you lend your car to someone and they get into an accident with another car, it's you, the vehicle owner that pays the deductible, it's you that pays higher insurance rates.
My cousin has a 60-inch Flat Screen TV mounted to the back of his truck, that displays his license plate while driving, as well as every season of Duck Dynasty when he's parked at Walmart. Cletus has always been ahead of the curve.
I'm sorry to bother you on such an old video, but I'm too european (Swedish) to understand this. Do you Americans change your entire license plate every year like we swedes had pre 2010 a sticker we put every year on our license plate?
And the reason for the registry of license not for the reason it started out to be with except the ownership of the vehicle and show what state the owner lives, but stolen is not the reason just income to the state !...
To anyone with even a few months of IT experience, this is all obvious. But IT is the last to be asked about any of this. Shocked by nothing I'm hearing/seeing here. "The company has learned a valuable lesson." What does that even mean? This "lesson" has been a basic tenant of cyber security for decades. They ignored industry wide best practices and got caught. No one should trust them again.
little bit of big brother saying getting one allows the government to track your every move. Yes it is mention that the 3rd party doesn't share location data, doesn't mean they won't sell it...
In Illinois, several of our former governors make our license plates. The only change needed to that system is that our current governor needs to be added to the list.
Why is it that the states approving digital plates are those I consider the most intrusive. And moving into becoming police states. Not too mention they are states to avoid because of increasing crime, cost of living, homelessness, drug addiction, etc. And apparently an endless supply of incompetent and corrupt officials and politicians.
Do you remember the King Midget cars? Made in Athens, Ohio and were sold out of the back if Popular Mechanics and Popular Science magazines. I have an old 1956 Model 2.👍😁 "500 lbs Car for $500" was one of their advertisements.
I don't know about the other states but Texas' digital license plates are not for private autos. According to the Texas Dept. Of Public Safety website, "A vehicle may be equipped with a digital license plate only if the vehicle: 1. is part of a commercial fleet of at least 25 non-apportioned motor vehicles, semitrailers, or trailers owned, operated, or leased by a corporation, limited or general partnership, limited liability company, or other business entity and used for the business purposes of that entity; or 2. is owned or operated by a governmental entity; or 3. is not a passenger vehicle."
They fixed the disclosed vunerabilities, but you can absolutely guarantee that there are also unkonwn ones that are still there, and not disclosed yet, and that the fixes they did also have introduced further bugs that can be exploited. Remember that the Space shuttle had what is the most expensive code ever written, each line cost collectively over a million dollars to develop and verify, and yet, at the end of the shuttle program, they were still finding bugs in the code that either caused an edge condition, or which were subtle ones that caused slight errors. Even modern code has had bugs found in what is supposedly known working code, stuff that is the backbone of the entire modern connected world, and often the only solution is to say to people to throw this stuff out and buy new, because it is impossible to fix all of it, or the original manufacturer of the hardware no longer wants to support it at all, or is totally unable to do it, due to no longer having the expertise.
When a HKR gets access to a system 1st rule is to make several more root and hidden accounts and add more exploits. So if they patched one they still have at min 9 more to go.
Just a few issues about these from a 25yr IT veteran: The state doesn't need a GPS tracker on my car. Changing a plate to "stolen" will be subverted by replacing it with a stolen metal stamped plate. Hacking. A fender bender ending in a bent plate could be bent back by hand, a digital display is likely to be destroyed. The display would likely be an LCD or eInk display... lcd would require extra power, so eink would be better, either way both have viewing issues specific to each tech.
Here in the UK, we have a national vehicle registration database, and all plates have to conform with a standard format for font style, size and spacing, so that they can be read by automatic number plate recognition cameras. These are placed at many sites around the road network, as well as in most police patrol cars, and can be used to identify vehicles which have been flagged by the police as involved in crime, as well as being connected to a central database showing whether the vehicle has valid insurance, road tax and MOT (annual safety inspection). They are also used to monitor vehicles passing through toll charge zones and low emission zones, leading to penalty charges being automatically generated for vehicles where charges have not been paid. Big Brother is truly here.
It’s like that in the US too. The “plate recognition cameras” are called ALPR’s. Automatic license plate readers. They are mainly in large metro cities on patrol vehicles and I imagine there are plenty of cameras too, that do just what you described.
I began working in digital electronics n 1976, aviation gear working in the Marines. I dealt with digital problems with those systems rom the start, retired in 97, much worse, substantially more digital gear with less ease of access. Some things are best "stamped in metal", and license plates are one of them, in my opinion.
It’s all about the money. These digital plates are the gateway to tax by the mile.
@Adirondack Homestead you think the gas tax that has not changed since the 70s (pretty sure, from memory) is enough to maintain roads? All tax payers, driving or not, subsidize roads and when companies like Amazon that ships more than anyone does not pay taxes, the burden on the indiviual tax payer increases even more.
The government gets plenty of money from taxpayers , they just need to spend it wisely and not waste it
@Adirondack Homestead or they can charge the real causes of the damage to the roads. The trucking industry accounts for 80 to 90 per-cent of road damage. Yet they only pay around 30% of road taxes.
If you are the government, there is no such thing as plenty of money.
ANY car made in the past 3 years is already GPS'd and digitally connected to the "home office". Working for one of the auto companies, I can tell you we knew how hard you put on the break, did you use a blinker during a turn, how fast were you going, etc. We knew EVERYTHING. We knew WHERE you were, where you went, how fast you went there, how you drove, and more. LEO and Insurance have been talking to all these companies to gain access to this data for "insurance and accident purposes". Yea, no. It's about "Hey, our data shows that at 8:32PM on this date, your vehicle exceeded the speed limit by 5mph, here is your ticket for exceeding the speed limit. Please pay by this date".
"The more they overthink the plumbing the easier it is to stop up the drain."
Captain Montgomery (Scottie) Scott.
Gotta love Star Trek
I wish I'd thought to use that quotation. Bravo.
I thought he was chief engineer? I don’t exactly recall.
@@superdupercooper5826 He was he did get promoted that was his rank in TNG.
It certainly is.
I work in the IT field. I have an Associates in Network Administration. This seems like a complete and total absolute nightmare. Let's take all the security issues and vulnerabilities that the "Internet of Things" has and apply it to a mandated form of vehicular identification. That'll go about as smoothly as riding 40 grit sandpaper down Devil's Slide in Utah
I hope you minored in literature. THAT is an EXCELLENT comparison!
Exactly. This vulnerability was found by someone apparently benevolent - but I guarantee that there are and will be other vulnerabilities, and the next ones may not be found by people with good intentions.
OUCH!
"Associates in Network Administration" You are a hack... The issue was that they were able to elevate an account using the mobile app account NOTHING to do with the actual plates. You really need to return that certificate, or go back to school.
BS in cybersecurity guy here and I couldn't have put it better, love your analogy. Don't know if you've heard this one before but the infosec joke a prof told me in college about IoT is that the S in the acronym stands for security.
Buried somewhere deep in the EULA for that plate is probably a statement that says all data collected belongs to the plate manufacturer and can be sold off at their sole descression.
Insurance companies would love to get their hands on this level of data to start sending out rate increases to anybody they can determine is a higher risk than initially quoted.
Insurance companies did the opposite to achieve the same result, install a tracker to get "reduced rates" i.e. formally normal rates.
Your insurance company doesn't need the license plate company, most cars already have a cellular data connection, but also you carry your phone everywhere, and they can just pay for your phone data.
@@chubbysumo2230Not everyone has a smart car and meanie uncooperative citizens can turn off their phones or leave them at home.
As with most things the actual reason is played down, the entire reason for these plates is to track people’s movements. They add on custom messages and other perks to entice people to want to give away their privacy.
@@chubbysumo2230 It is a lot harder to get personalized cell phone data like that, then you still can't be sure if the phone belongs to the driver or passenger.
A device that is stuck directly to a vehicle doesn't have that data ambiguity.
I love that the company's statement was basically _"We fixed a problem that we created due to our negligence once it was pointed out to us. We're so proud of ourselves!"_ XD
Government does that all the time and get big promotions and bonuses too at the cost of the sheeple that got screwed and now paid for the promotions and bonuses.
How do you know these are designed for people who don't really make wide decisions? This company wants us to believe that this statement just made hackers decide to never try again.
@@freethebirds3578 Or the hackers will consider it as a challenge!
I hope the hackers get back to work exposing the next set of vulnerabilities.
The fanboys with the Teslas will still want their E-plate.
More money than brains crowd loves these plates.
@@davidparker9676 What about hacking the Teslas themselves?
Officer: "Your plate doesn't seem to be registered to your car."
Driver: " Hang on a sec. Let me change the batteries, upload the software update, and reboot."
As a computer engineer, allow me to sum up my reaction to digitial plates. "Oh hell no!"
True story. When the original Star Trek TV show was being made, they needed a salt shaker for a scene. The art department tried to design a salt shaker that looked like it belonged on a spaceship, but everything they came up with looked stupid. So, they ended up using a salt shaker from the studio cafeteria. The point is that some things are so simple and perfectly designed, that you can't improve on them. I think a license plate falls into this category. The episode was called "The Man Trap", BTW.
Another interesting fact is the plastic spray bottles they used were actually new technology at the time.
They were hacked a bit faster than I thought. Saw that coming when it was announced - definitely solving a problem that doesn't exist. Imagine all the fun you could have with avoiding toll collections, red light cameras, etc. plus the bonus of stealing personal information, GPS info, etc. that could be used for other reasons.
Where are all the fake experts that said letting people fix their cars will let people be tracked to try and defeat the right to repair bill in Massachusetts? Here the state is installing the trackers. Just like the manufacturers are installing tic toc after testifying you can't let people fix phones or they will install it.
I'm not shocked, government and security are opposites. Don't forget when clinton leaked the nuke launch codes. 00000000 and BOOM pretty mushrooms.
I bet you'll be able to buy toll defeaters on Amazonn in a couple months that hack the digital license plate for you.
Kinda like those boxes that would unlock TV channels at your home back in the day. I would honestly buy one of those cause toll roads shouldn't be allowed anywhere. Open access to roads should be paid for with tax payer money as it's clear the massive economic benefit increase mobility has created since the dawn of the vehicle.
Their inventions have more than paid for themselves due to how much richer vehicles has made us.
@@WitchMedusa Tolls make sense for maintenance of certain bridges. The funny thing is that there are some around me that have tolls that they specifically stated that the tolls would go away after some odd years since they knew how many people cross them each day. This was to recoup the loss. Funny thing is that those tolls are still there and it is because they now expect that money. The second a politician or government person starts breathing then you know they are lying.
When Blu Ray dvd's movies were first released, the encryption was UNDEFEATABLE. This was decrypted in about two weeks.
It solves a lot of problems for fleet vehicles. Just nothing for the average car owner.
Which is why they are (and should remain) "optional".
Tracking location real-time even if the plates weren’t hacked is concerning. Another Big Brother measure by CA.
*and 3 other states
As I said before and I'll say again, some things just don't need to be converted to digital, and some systems shouldn't be connected to the internet as doing either or both only opens the door to be exploited. They just never learn.
And two examples are license plates and currency
It's all about attack utility, with systems like this the payoff for a successful attack is HUGE, even if the attack itself is hard to do if it can be done it pays off, while dumb analog systems can be a lot easier to attack they can't be attacked at scale. It's the same problem with voting, the traditional ballot system has it's flaws but it's impossible for one guy in a basement to hack the entire election count system while an electronic system HAS this possibility.
@madmax206922: One statement a professor of communications related to tv productions special effects that also relates to things on the internet said “just because you can doesn’t mean you should.
99% of things require no internet to work. If you have more than a smartphone, that is your poor choice.
The insidious part is, the government wants to track your every movement, and they want you to pay for it! Be cool and get a digital plate for some ridiculous price! If you just happen to be someone famous, or someone important, nefarious people may want to know your whereabouts. And today, who knows what may happen that could put you in the spotlight? Speak out at a PTA meeting lately? Witness a crime? Maybe you didn’t think anyone cared about your daily movements because you’re a nobody, but today that can change in an instant.
The desire for states to move to digital plates is the ability to track at all times since the plate belongs to the state. Just a way for big brother to keep track of you.
yeah, I find the privacy issue very offending. tracking me at any time? or keeping a database of all times more like it. i know these smart plates are just going to be a nightmare
This is exactly why digital plates are being adopted.
Track you, and tax you by the mile.
I'm pretty sure that the auto insurance carriers, law enforcement agencies and the Dept. of Homeland Security will want in on this action too.
@@Powerforged correct but for the government to get that info most of the time they would need a warrant. Digital plates are issued by local government and they would, in theory, not need to jump through any legal hoops to obtain your driving and location data.
Don't trust anyone with your information. Because you are the only one who truly cares about your information. Everyone else will just pay for a service and walk away, even if they screwed your life up in the process.
Your information is often out there whether you like it or not. That’s not a problem generally. The problem is the sea of idiots out there with access that assume it’s true when a host of things can screw it up and, even if it were always valid and reliable, assume it means things it doesn’t actually mean.
@EnthalpyAndEntropy Few people talk about cell phones. There is tons of personal info and the phone can be tracked.
@@BeingMe23 yes, they can be tracked… but locations can be spoofed and gps and accelerometers are only so accurate, etc. It’s silly to use a phone’s alleged position to associate the owner with a crime, give them an alibi, infer they’re a good driver or reckless driver, and almost anything else that people want to assume or infer. Just the other day didn’t Steve have a video about a bogus warrant and some old lady getting raided because of a phone that was stolen with a bunch of guns? The best, most reliable data doesn’t fix stupid and it doesn’t fix evil and most people are some combination thereof.
Oh I personally know that all the info is out there. A lot because people freely give it out. But a good share of it is because of so many breaches of information in the past.
@@SimonTekConley Yup. Especially all those fools on Facebook.
"Do we really need a more advanced license plate than a chunk of metal?"
This is exactly how i feel about those digital remote RFID keyfob things.... if it was an option i'd pay extra for a simple metal key.
Note: At the time this was posted, all attempts at hacking conventional plates have failed!
Perhaps you should try a hack saw.
Things are starting to come together. These new plates share your GPS location, and the new spending bill included a law to mandate wireless kill switches on vehicles.
Vehicles are already 70... 80... 100k. All these new electronics just keep pushing the prices higher with no benefit to the average owner. I think I'll keep tossing money into my 2005 Tahoe with around 225k miles. It seems to be a more private, cheaper option.
As a rust belt resident: I weep for the day I can't find an older vehicle without a ton of bullshit electronics
Auto kill switches will drive the price of used cars up along with all the other computers, subscriptions, etc.
Just remember, there was a state governor that wanted the reporter arrested for exposing a flaw in a states data base.
As someone who has worked for banks in the past, I believe them when they say used the same security as banks. The lack of security and potential risks I saw on a daily basis from banks made me always answer the question of which bank should I use with none of them. You're safer burying you money in a glass jar in the backyard.
Wait... the FDIC insures glass money jars now? COOL!
As somebody who has worked in IT his entire career I hear stories like this and just shake my head. No system is hack-proof...there's always somebody smarter than you out there and if the right person/entity wants into your system, they'll find a way. So, the less unnecessary "connected" technology you use, the fewer chances hackers have to ruin your life
the old epoxy blob on the chip used on game cartridges was pretty hack proof.
Someone may copy it, but they can't change it.
I worked digital electronics twenty years in the Marines, I want nothing digital that doesn't have to be. Most people don't realize just how easy it is to hack.
Digital license plates
A solution looking to create a new problem
If you could get the people that buy this, you could sell them the USB toaster
Amazon sells a usb powered toaster night light. 🤣🤣
Or a DvD rewinder!
@@agalerex also, if they could have a left-handed monkey wrench that was digital. I know people who buy anything as long as they think it’s the old cutting edge like the sharper image used to have on its front page whether it worked or not, it doesn’t make a difference. People will buy anything. I thought your answer was great thank you. Have a good day.
@@keithe2150 left handed scissors are legit though
Something tells me that someone in government said, "Hey, If we make digital license plates legal will you give me a kick back?"
The golf course connection.
Nah! 'Ya think?? 🤣
This is just another clear sign that "big brother" is alive and well!
Search warrant to get records indicating where the car was/is without the driver’s knowledge is a new twist to tracking cars. You could also search for vehicles on every road that they appear to be speeding to issue tickets.
Ben hiding under Hillsborough book, over Steve's Right shoulder
Thanks
I can't imagine buying one of these plates knowing that anyone who gets an employee login can change the plates and track everywhere you've been since you got it. I worked at a place that did it right. It boggles my mind that *anyone* in LastPass had access to the production database in unencrypted form, let alone some random license plate provider.
That's why God created monitoring systems that let you track every single action an employee takes, including which specific screens they even look at. precisely to prevent the kind of thing you're describing. Unfortunately, hardly any managers anywhere think these systems are worth implementing. I worked for one of the largest counties in the US, with primary responsibility for internal access the the county's Enterprise Resource Planning system. My Director refused to let me implement those monitoring systems, even though they were included in the $26 million that we already paid for the system. And when I manually discovered and documented the fact that various department heads were accessing the personal information, including confidential health records, of people who didn't even work in their departments, the Director threatened to fire me if I didn't drop the matter. (I took it to the County Manager, gave them full documentation, and quit.) I'm glad to hear that the place where you worked did it right. That gives me some hope.
@@ednafronkelbarger8601 You don't need to be draconian about it. You just need proper security controls. Why were the confidential health records not encrypted with a key for which access is audited? *That* is the right answer.
Don't say "we need to install a video camera in the car and home of every employee to figure out who is coming into our building after hours to steal stuff." You say "Let's restrict what the keys we give employees will open."
The place I worked was Google, FWIW, which is why it's the only one of the big companies I trust with vaguely personal information. It was really annoying, because I couldn't even find out how many customers were using the system I wrote without going thru various levels of approval to count the number of customer records. I had to write a program, get it approved via code review, commit it, compile it in the cloud compiler so the executable got signed by the right keys, deploy it, let it run, then try to read the logging output. (It got easier when they started using Spanner internally. Then you could write SQL, get it approved, check it in, wait for the servers to run it, and then see what the result was.)
All the fields of data everywhere in storage needed to be marked with one of a dozen or so markings saying what kind of data it was and how much privacy it needed. Is this just a number, or an ID, or an ID that refers to a specific user? And if you tried to log the wrong kind of data in a place that wasn't protected by the right kind of login, the check-in tests would fail you. It was actually pretty impressive.
The difference is that Google knows there are lots of people supplying very similar products, so users would flee if it turned out they leaked as much data as facebook or equifax. But Amazon knows they'd lose a bunch of money (stuff being bought and not paid for) and Google knows people would switch to other services, so they take care to make sure it's secure. Companies that don't lose anything when they screw up? Yeah, they don't care. Nobody working where you were would be personally losing money if someone found out directors were looking at health records.
@@darrennew8211 "You don't need to be draconian about it. You just need proper security controls. Why were the confidential health records not encrypted with a key for which access is audited? That is the right answer."
No, that's the wrong answer. Encryption has nothing to do with anything in this case. If you have the authorizations, you're going to have access the data, whether it's stored in encrypted form, or written on used cupcake wrappers and stored in an orange crate.
Every world class ERP system DOES have authorization objects attached to transactions and to programs (not the same thing, as I'm sure you know), and to organizational objects such as Division, Department, Business Area, Cost Center, etc. And, of course, to General ledger accounts for revenue, expense, assets, liabilities, etc. (It gets way more complex in the public sector). They also have authorization objects assigned to activities, such as Create, Change, Delete, and Display. That's as baseline as it gets. Kindergarten level, so to speak. And of course, there are auth objects for combinations of organizational objects, but those are basically useless, as any system security professional knows. Authorization objects are assigned in security profiles, which in turn are included in security roles, which in turn are assigned to User IDs. At the time the user logs into the system, their security authorizations are loaded into memory, and are checked at every step where authorization objects are required. At the same time, sophisticated ERP systems have derivation rules and substitution rules in which a certain combination of values for objects X,Y, and Z define the value of objects A and B. (These are some of the most dangerous entities, because a user may have authorizations for one side of the derivation or substitution rule, and use them to access elements on the other side for which they have no explicit access. I was dumbfounded when the representatives of most widely used ERP system on the planet told me they had no interest in assigning authorization objects to the output of these rules. Their response included the phrase "You're on your own").
In world class ERP systems, you're not dealing with users with a simplistic set of responsibilities and thus a simplistic set of authorizations, You're dealing with Managers who have authorizations related to General Ledger, Inventory, Purchasing, Accounts Payable, Accounts Receivable, Interdepartmental charges, Budget, Time Management, Payroll and Benefits, ESS and MSS, etc. What that means is that by access to organizational authorizations, which are common across all functionality (you don't have a different cost center for Purchase Orders than you do for Payroll), managers can and do have access to HCM data outside their purview.
To call monitoring reports draconian or to equate then to a camera in every employee's home is just plain childish. They're a superb tool for identifying behavior outside the scope of a user's responsibility, and one of the best forms of audit records. Because you're right about one thing. When there's money involved, companies will be ultra strict about SOD, but when it's HCM data, "My people have to be able to do their jobs" trumps attempts to put proper controls in place.
@@ednafronkelbarger8601 The way I've seen it work isn't "managers get to see confidential data." It's "programmers write programs that are audited before release to give the managers the summary data they need without revealing stuff." Like, the CSRs of course need to look at your account. But they only have the keys needed to decrypt your account while they're assigned a bug that you created for that account. If you say "Well, my friend Steve did XYZ" then your friend Steve gets a pop--up on his phone saying "Google customer support wants to look at your account, ok?" And each customer has a separate encryption key. There's absolutely no reason I can think of why a manager would have all the encryption keys to decrypt the records for each and every employee, any more than there's a reason for people working on the hardware to have access to the disk encryption keys to do backups.
If for some reason your job requires you to have access to details of every employee's health information at an individual level, then the auditing of you accessing that should be audited securely. You don't need to watch someone's screen and keystrokes. You need to notice they're looking at employee health records with no reason to do so, which is easy to do if each employee's records are encrypted with a different key stored in a system programmed not to release those keys without appropriate authorization.
If your security authorizations don't change depending on what you're doing, adding keystroke logging and screen recording isn't going to help much, becasse that's only useful after the fact. If what you're talking about is normal auditing logs for access, well, sure, that's good. But your description made it sound like screen recording and keystroke recording, not "User X accessed User Y's personal records." If I am authorized to access all employees' personal information without any reason for allowing that, your security system needs improvement.
@@ednafronkelbarger8601 Nailed it. I wouldn't bother with the coder anymore.
Government and companies are always looking for ways to remove money from the citizens. Also a new system of control.
Digital plates are just another step towards taxing people by the mile.
Inch by inch we are being plugged into the digital grid of the JWO for complete control. The clueless does not even notice why the government is handing free cellphones to homeless people with free service. They want everyone in their control grid. Wake up!
@@reagandow850 Bollocks.
Laws constantly change, and usually not to our benefit. It reminds me of when it used to be illegal to search a dna database for familial matches to a dna sample. That now apparently has become routine.
The company may not be sharing your information now, but I guarantee that at some point in the future they will.
and the VERY first massive search will be to see who went to gun stores and shooting ranges by these crooked bloomburg plants.
They were always sharing your information, regardless of what the terns of service agreement stated. That's what I always assume.
@@keefjustkeith Even if they didn't share it. The NSA tapped the connection and scooped up the data to give to china anyways.
Did they arrest the person that discovered the flaw? Good thing they don't live in Missouri.
I knew damn well it could be done. I considered buying one to hack it.
The problem is, they are selling them on the basis they cannot be hacked. That's what got me interested in it when they first came out
Tsk! The Titanic won't sink! Gee fellas, why you so worried?
@@C.Church But wait! There is the theory in Great Britain that it was NOT the Titanic that sank but its sister ship that had been in a COUPLE of collisions and had very expensive insurance. Which is why there was another sister ship nearby ready to pick up passengers but something went horribly wrong. In addition to what horrible wrong thing that was planned.
Only good thing I can see is you turn it off when you park so they can't do those drive by scans.
Ben - In between books nearest the WRIF 101 sticker. Steve's right.
Good eye. I could not find the C-note at all. With your location I couldn't see it, until I put my glasses on, duh!
Can't wait to see that new car and vanity plate!
I knew there was a chip shortage and vehicle delivery is very slow right now but I didn’t know there was a five month wait for minivans
Minvans are the new station wagon. Zero cool. Maximum practicality
This is fundamental to bleeding-edge stuff. Companies who make gee-whiz stuff focus on the gee-whiz, because that's how they get their next round of funding or dramatic revenue growth. The engineers will say, "There could be a problem with X, we need to work on this" and marketing says, "Let's assume it will be okay."
You make marketing people seem smarter than are
Ben under the paperback in top of the left stack of MCL books.
Also yea they can track your car if stolen but also can be used to follow you.
Who didn't see this coming?!
The manufacturer.
Ben is perched behind Steve. Steve's behind, not our behind.
'behind Steve' is more than half of his stage.
I'll need to see Mr. Layto's set blueprints before I can corroborate your statement.
Don't fix what ain't broken.
The states will make more money off these plates
Steve the gov. and WEF has to track your carbon foot print. They are already doing it in the UK. Dividing cities into sectors and you will need a hall pass to exit or enter at certain times. Its only a trial run I'm sure it will go over well. lol
That would be shut down so fast by the courts here in the United States, that it’s not even funny. The Us constitution guarantees the right to free travel between the states, it’s written in there as an amendment. They can’t just ban you from going somewhere to reduce emissions here. They can do it in other countries, but not here. That is one of the few constitutional rights we have in this country that hasn’t been attacked all that much yet. The only way you can be banned from going to certain places, is by due process. That typically involves a court ordered restraining order, and there are very specific circumstances that must be met for that to happen, usually felonious circumstances. However, if you have one of those, you have much bigger problems than that.
One of my favorite RUclips channel's
I believe the law enforcement has gone to far....obviously they don't care of your personal information
@@flufffycow oh there are ways... 😏
I want to know why the license plate apparently requires a GPS tracker?
@@flufffycow ... an the penalty for the cops to abuse that for surveillance purposes is... zero?
I guess you missed the youtube video where the cop strip searched a women in the middle of the street. They have never cared.
@@flufffycow 50K volt seats will prevent that.
"The more they overthink the plumbing, the easier it is to stop up the drain." - Engineer Montgomery Scott.
I don't really care about law...not a lawyer. However, I keep coming back to Steve bc when I hear him put some order to the chaos in our world through law, I feel comforted. With our politics being the way it is and people constant gas lighting and trying to twist reality, Steve makes me feel like I am not the crazy one...Steve's logic make complete sense....
Another problem I foresee with digital plates is that with all the photo-based toll and ticket enforcement now, what's to stop someone from rigging the plate to "accidentally" turn off when needed? I assume they're wired to the car, so it could be trivial to rig up some kind of kill switch.
Years ago I thought of making a spy movie type license plate shield you could toggle switch on and off. That must be a self evident idea though. I CANT have been the only one to think of it. It's just as easy to do as hacking... probably easier. Why isn't that a thing we hear about?
I'm not so sure people will bother unless it becomes as simple as tap tap tap DONE.
@@C.Church they sell those on Amazon and eBay.
I was looking for this comment...
To their claim to not share information with the law that will change.. They will say we only share when a warrant is issued just like the DNA companies say. That isn't a high bar to reach. There is no reason you should be tracked just by getting into your car. Yes I know are phones are tracked already but this keeping tabs on everyone all the time is a bit much.
I'm waiting for the follow up to this story where the company sued the hackers.
I'd love to see the hackers sue them for false advertising.
The blog you mentioned the digital license plates were only the tip of the iceberg. They actively got access to many of the car companies internal systems
your announcer said an optimist thinks a housefly is looking for a way to get out... that's one of my favorite little tricks, when a housefly is buzzing around, I open the door for a minute and watch them fly right out! I guess my optimism like a psychic power...
Ben under the Hillsborough book
In the middle ages and before, people used to chop small sticks in half down the middle and use two pieces fitting together perfectly as a means of confirming identity, account holding and the like. As far as I know, this was never hacked, as wacking a tally stick in half with a blade makes a unique code that cannot be replicated.
Just another level of "Big Brother" keeping track of citizens. Despicable. SMH. JMO.
Having worked in the tech industry & seen how the sausage is made, I actually trust these companies _more_ about 1-2 years after I hear about their first major breach.
New companies never take security all that seriously until it happens to them. When it gets bad enough, they finally hire a security team and put the necessary technologies & practices into place. But that's expensive, so start-up companies usually postpone this work.
I don't know if this case counts for that, though. It makes more of an impact when real criminals actually get in. It depends on the company's management.
I'm as tech forward as anyone. Even 45 years ago when I was a kid I was usually the first to have video game consoles, hand held video games & a PC. I was an earlier adopter of VCR, CD, DVD, DVR and even streaming. I even like a lot of the tech that I used for my lights, HVAC and in my car. However, there are just some things that are just better being analog for lack of a better term and your license plate is one of them. I could see if it offered more security like using my phone to pay for things because it's actually more secure than swiping your credit card. However, the real time tracking part of this is really disturbing. Something like that can really put people's safety at risk.
55 years ago I was dialing into my father's account and worrying programs, saving on tape
Well it's technically probably less problematic than having a private company have a gps tracker on everyone's phones..
@@TimoRutanen so, I was just watching an episode of the first 48 and a man was found dead in the back of his truck. His mom called him in as a missing person but he wasn’t found for 72 hours. Even after he was found the phone company wouldn’t just give the police tracking or account information without a warrant.
There is a HUGE differences between the real time location information that could be gathered from these licenses plates & GPS information that cannot be tracked in real time & that there are barriers in place to keep just anyone from getting it.
With the push for electric cars, when will the manufacturers just start installing these as a part of the car itself? Most electric cars already have the gps tracking and internet connectivity so really it would just be a display tied to the rest to the car’s computer system. An easily replaced battery backup for the plate to display the ID would probably be useful though
Safety is the least of my worries with the location tracking. I'm more concerned with the privacy issues and police access to the system. I can guarantee that suing the police over misuse of the tracking information is going to be a pain in the ass because there's no specific case on point due to the newness of this technology.
As a mainline gamer i can tell you Flatly if it is connected to the internet its hanging out there to be cut off.
In California you can just request the information from the DMV given a plate number. They are notified about the request, but the DMV will still give them your mailing address. You can have a separate physical address, and in CA, I generally recommend doing that whenever possible.
Steve I'm gonna change my digital plates to read "SLEHTO" and blow through all the red light cameras. 😅 Yeah this has so many practical issues I would never sign up for it. I think its also a matter of time before a Chinese company makes clones of these plates on AliExpress than can be programmed with anything. Modern cars like a Tesla already track us all over, the same with any car with OnStar or any satcom roadside service. Not to mention, our Smartphones!
Another reason I’m stuck in 90s 😂
So who didn't see this coming?
Remember when they tried to do the same thing with luggage tags. Me neither.
As a frequent business traveler at the time I thought it was not useful. First off frequent business travelers (whom I assume it was mainly market for) don't check luggage - they do carryon only.
But 10 years later we have air tags which do all the same work and more, can be used without buying expensive luggage, and are not as limited.
This digital license plate seems to be technology looking for a problem that does not exist. And also is more problem then solution.
I've seen one of these in Michigan, but based on the cost and the tracking possibilities I would never get one. My metal plates have been working just fine!
I recently had my refrigerator go out. It lasted almost 20 years. Every place I went trying to purchase one was wifi smart and $3k. I just want a damn refrigerator not wifi or a TV screen. Had to actually order one because the normal box stores only carry the high tech value crap
Idiots buy "smart" TVs to to let hackers view their family. Why you'd want strangers watching your kids watch TV with the ability to talk to them I cannot fathom. Heck, most people do not disable the sensors on their smartphone 😨
@@hicknopunk Why do people think they are so important that other people want to watch them or their family? People who think this and spread this garbage fearmongering are the real sickos.
@@no-cv4dx I am being sarcastic while talking about a real danger. There is no fear mongering going on, just search online for streams of people's cams like nest or a tv...they are an endless rabbit hole of of YIKES! If you don't think this happens ALL the time...I could never convince you as the danger is invisible to you. Oh don't me started on how many people allow access to the camera on their phone to anything that wants it instead of only allowing camera and messenger.
The creeps are out there and are real. 😨
You don't let your internet browsers access your microphone do you?? It is on by default.
I did white hat IT for decades before covid when I stopped working. Trust me, most people have many points of digital entry into their home. It is very easy to get a chromecast device to divulge the info so you can sit outside someone's home and control all connected devices and be trusted on them.
@@hicknopunk Microphone access is not enabled by default on browsers. More fear mongering. I'm sure you'll try to play it off again as sarcasm or whatever.
"Whitehat" yeah right. yet another faker.
@@no-cv4dx here is what chrome has on by default:
Calendar, call logs, contacts, location, microphone, physical activity, SMS, storage.
If it has a sim card, it's on the cellular network. Eventually, the carriers will stop using that particular generation. Just like your 2G and 3G phones, its communication features will one day no longer work.
The 'new and improved' syndrome.
You can bet some company will use tracking information to sell that info to the travel industry so they can send ads to you about the places you often visit. The same for stores you visit.
Imagine a plate changing their data to yours before every toll box.
my brother's expresson is "a high tech solution to a low tech problem."
Digitized plates solve a HUGE problem: It was a goldmine of untapped data mining for a system people HAVE to enter into if they want a car and drive it around town but think they're smart for buying a "dumb car" and turning off their phones near business who are sold your info. Gee that was a big scary problem they had ta solve!
First thing I thought about when reading about the pilot program in No California is that they would be fantastic to hack to make a modern 007 License Plate
I hope you give us a tour of your new car! Looking forward.
This is why I use an diabetic monitor but refuse to use a pump. Pumps can kill you by overdosing, underdosing and have little to no security and can be Bluetooth hacked by a bad actor who wants to hurt people. I make the decisions about when and exactly how much to take, not an unintelligent machine. My last a1c was 5.9!
Looping can help you and Bluetooth can be used securely if the companies involved wanted to. I do get where you’re coming from though. If it helps, the pumps I’ve worked with have a pretty solid basal and max rate function; was horrible for my drug infusion experiments in my lab but should be good for some of your worries IF USED CORRECTLY BY YOU.
This brings to mind the saying among mechanics "If it ain't broke don't fix it".
The location tracking concerns more than the hacking, especially since it's a government issued item. After all, the government never misuses our information.
I'm not surprised CA jumped right onto that sinking row boat
All digital plates are manufactured by one company, Reviver. And they are subscription based, with monthly costs of $19.95 for battery-powered and $24.95 for hard-wired. "Professional" installation runs an extra $150. There is no word on whether California still requires you to purchase a steel plate, but since both a front and back plate are require by law, it's likely that you still have to pay for a steel plate for the front. And there's no information on the actual cost of the plate, in addition to the subscription.
Just what we need. Something easily broken in every parking situation.
YEAH! I just bought a digital shovel last week! Go BITS!!!!!
Imagine if someone were to make a digital plate scroll text that was their actual license plate number but it only shows one number at a time or is something excessively long like the entire text of a song's lyrics or even better than that it's the entire text of war and peace or a holy book. I can easily understand how this technology is easily abused.
I think the rules governing where and how a license plate is placed are quite strict. I mean some people have been fined for having a towing hook protrude in the way of viewing the plate from certain angles and that's already highly stupid. It might not be a big issue
Imagine having some random advertising scrolling between your plate number as you drive down the road unbeknownst to you…
I already have all the personal tracking and information gathering capability I need, right here in the palm of my hand. Can’t think of a single reason to stick another on my vehicle.
Ultimately, I suspect this is step one toward taxing miles driven, with different rates depending upon times of day and locations.
Now, couple that with governments wanting authoritarian control (think Canadian trucker protests) and it becomes a nightmare scenario.
Going to be fun when they try and tax while driving on private roads. sorry big brother, drop dead.
American Democrats want this kind of control.
Several years ago some states were worried about the decline in gasoline tax revenue due to lower gas prices and more electric vehicles on the roads. I remember hearing that Massachusetts and some other states were pondering the idea of instead of taxing the gasoline, how about we tax the miles people drive. In order for an idea like this to work, the state would have to require you to have a DMV or MVA provided GPS unit attached to your vehicle to track how many miles you drove within the state's boundaries. Privacy advocates came out in opposition because the state would always know where you are and what road you were travelling on at anytime. They also pointed out that if they know what road you're driving on, then they'll know how fast you're driving on that particular road and what the speed limit is at that section of the roadway. So not only would a state be able to tax your mileage, but also send you traffic citations for speeding. Thankfully the technology/infrastructure wasn't in place at the time.
Knowing now that these digital license plates can track you using GPS should have us all worried. What if states require all cars to have them?
Get ready to get speeding tickets sent in the mail for going 38 MPH in a 35 MPH zone if these digital license plates become mandatory.
They won't need traffic cops or speed cameras anymore and they'll know everything about our driving habits, the places we go, the speed we drive.
It's scary and I think it's coming.
GPS on a car doesn’t prove who’s driving the car
@@X11CHASE It's not about "who's" driving the car. The registered owner of the car gets the traffic citation if this digital license plate scheme were to be implemented. Just like now if you lend your car to someone and they park it illegally, the registered owner gets the parking ticket. Just like now the registered owner gets the speed camera ticket no matter "who's" driving the car. Also if you lend your car to someone and they get into an accident with another car, it's you, the vehicle owner that pays the deductible, it's you that pays higher insurance rates.
I didn't read the blog about how it was hacked, but I think sometimes developers just underestimate the ability of people to figure things out.
My cousin has a 60-inch Flat Screen TV mounted to the back of his truck, that displays his license plate while driving, as well as every season of Duck Dynasty when he's parked at Walmart. Cletus has always been ahead of the curve.
I'm sorry to bother you on such an old video, but I'm too european (Swedish) to understand this. Do you Americans change your entire license plate every year like we swedes had pre 2010 a sticker we put every year on our license plate?
Reminds me of the reporter in Missouri that showed the flaws of a government system and was arrested as a criminal.
And the reason for the registry of license not for the reason it started out to be with except the ownership of the vehicle and show what state the owner lives, but stolen is not the reason just income to the state !...
I love technology for the problems it solves, not the ones it creates.
I'm with you Steve, leave them metal - it ain't broke and don't need fixin'
To anyone with even a few months of IT experience, this is all obvious. But IT is the last to be asked about any of this. Shocked by nothing I'm hearing/seeing here. "The company has learned a valuable lesson." What does that even mean? This "lesson" has been a basic tenant of cyber security for decades. They ignored industry wide best practices and got caught. No one should trust them again.
Cant wait to hear about the new ride and plate.
little bit of big brother saying getting one allows the government to track your every move. Yes it is mention that the 3rd party doesn't share location data, doesn't mean they won't sell it...
In Illinois, several of our former governors make our license plates. The only change needed to that system is that our current governor needs to be added to the list.
Why is it that the states approving digital plates are those I consider the most intrusive. And moving into becoming police states. Not too mention they are states to avoid because of increasing crime, cost of living, homelessness, drug addiction, etc. And apparently an endless supply of incompetent and corrupt officials and politicians.
Do you remember the King Midget cars? Made in Athens, Ohio and were sold out of the back if Popular Mechanics and Popular Science magazines. I have an old 1956 Model 2.👍😁
"500 lbs Car for $500" was one of their advertisements.
YES! We had one when I was a young teenager... 10 hp Kohler single cylinder, IIRC; death trap if you got in an accident though...
😮😮Toll cameras already gather data whenever I want to go somewhere in the Fort Worth Dallas area. That is more than enough.
Like a lot of things in this modern world, they ask 'can we?' They don't seem to ask 'should we?'
I don't know about the other states but Texas' digital license plates are not for private autos. According to the Texas Dept. Of Public Safety website, "A vehicle may be equipped with a digital license plate only if the vehicle:
1. is part of a commercial fleet of at least 25 non-apportioned motor vehicles, semitrailers, or trailers owned, operated, or leased by a corporation, limited or general partnership, limited liability company, or other business entity and used for the business purposes of that entity; or
2. is owned or operated by a governmental entity; or
3. is not a passenger vehicle."
They fixed the disclosed vunerabilities, but you can absolutely guarantee that there are also unkonwn ones that are still there, and not disclosed yet, and that the fixes they did also have introduced further bugs that can be exploited. Remember that the Space shuttle had what is the most expensive code ever written, each line cost collectively over a million dollars to develop and verify, and yet, at the end of the shuttle program, they were still finding bugs in the code that either caused an edge condition, or which were subtle ones that caused slight errors. Even modern code has had bugs found in what is supposedly known working code, stuff that is the backbone of the entire modern connected world, and often the only solution is to say to people to throw this stuff out and buy new, because it is impossible to fix all of it, or the original manufacturer of the hardware no longer wants to support it at all, or is totally unable to do it, due to no longer having the expertise.
When a HKR gets access to a system 1st rule is to make several more root and hidden accounts and add more exploits. So if they patched one they still have at min 9 more to go.
Just a few issues about these from a 25yr IT veteran:
The state doesn't need a GPS tracker on my car.
Changing a plate to "stolen" will be subverted by replacing it with a stolen metal stamped plate.
Hacking.
A fender bender ending in a bent plate could be bent back by hand, a digital display is likely to be destroyed.
The display would likely be an LCD or eInk display... lcd would require extra power, so eink would be better, either way both have viewing issues specific to each tech.
If I had found out about digital license plates on April 1st, I would have 100% believed it was satire!
Here in the UK, we have a national vehicle registration database, and all plates have to conform with a standard format for font style, size and spacing, so that they can be read by automatic number plate recognition cameras. These are placed at many sites around the road network, as well as in most police patrol cars, and can be used to identify vehicles which have been flagged by the police as involved in crime, as well as being connected to a central database showing whether the vehicle has valid insurance, road tax and MOT (annual safety inspection). They are also used to monitor vehicles passing through toll charge zones and low emission zones, leading to penalty charges being automatically generated for vehicles where charges have not been paid. Big Brother is truly here.
It’s like that in the US too. The “plate recognition cameras” are called ALPR’s. Automatic license plate readers. They are mainly in large metro cities on patrol vehicles and I imagine there are plenty of cameras too, that do just what you described.
I began working in digital electronics n 1976, aviation gear working in the Marines. I dealt with digital problems with those systems rom the start, retired in 97, much worse, substantially more digital gear with less ease of access. Some things are best "stamped in metal", and license plates are one of them, in my opinion.
Lehtos levity. Thanks for sharing interesting and sometimes funny situations. I enjoy your videos. Best wishes.
No Steve it to TRACK people’s movements!!!
That’s the only reason for digital plates!!