In “products I’m really not sure need to exist” news, a company called Reviver will sell you an app-enabled digital number plate for your car, if you live in one of the very few US states where it’s allowed.

It seems to be yet another way companies have found to add ongoing subscriptions to your driving experience - I may return to this topic soon. In return for your $20-25 a month, it enables such unmissable features as being able to switch your number plate into dark mode and displaying a tiny app-controlled banner under the plate; essentially a microtweet for anyone driving way too close to you I guess.

One feature that I can actually see some potential use for is that it contains enough tracking technology that you can see the location of your car by using the accompanying app.

The problem is that until recently it wasn’t just you and Reviver that could see where you are. Security researchers managed to find a way to alter their own user account so that they could see the live location of every vehicle who had one of these number plates. And a lot more besides:

  • Track the physical GPS location and manage the license plate for all Reviver customers (e.g. changing the slogan at the bottom of the license plate to arbitrary text)
  • Update any vehicle status to “STOLEN” which updates the license plate and informs authorities
  • Access all user records, including what vehicles people owned, their physical address, phone number, and email address
  • Access the fleet management functionality for any company, locate and manage all vehicles in a fleet

That vulnerability has been fixed now. But it’s events like this that make me wonder whether it’s really necessary to put app connections and internet-connected surveillance technology in absolutely everything a product designer can dream up, even if it’s possible to imagine the odd use for it.