As with all good things in life, it’s all fun and games until someone figures out a way to spoil it. Digital license plates, now accepted as official plates in a few states, exemplify this case. When they first came out, people liked the ability to add personalized messages on the frame of the plate.

It can also let other drivers know a thief is driving the vehicle. Now, researchers have figured out how to jailbreak the plates to change the plate number before going through a toll booth. This means the “secure” plates are more vulnerable than anyone thought. If bad actors hack them, the user can evade tolls and have the bill sent to someone else.

Josep Rodrigues, a researcher at IOActive, discovered the method. He accessed the wires at the back of the plate, rewrote the firmware, and allowed him to change the lettering through an app.

“You can put whatever you want on the screen, which users are not supposed to be able to do,” Rodriguez said, quoted by WIRED. “Imagine you are going through a speed camera or if you are a criminal and you don’t want to get caught.”

Hackers can also evade subscription fees

Aside from changing the number plate to evade tolls, Rodrigez noted hackers could bypass security features, like GPS tracking, that are typically accessible with a $29.99 monthly subscription.

With over 65,000 drivers already using them on American roads, the costs could add up.

“It’s a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it,” said Rodriguez.

He worries once it catches on that they’re vulnerable, people could steal them and sell them pre-hacked on the black market. They can hacked by their owners to make themselves invisible while they commit crimes.

The plate makers don’t think people will hack their products

Reviver, the primary manufacturer of digital license plates, said Rodriguez’s findings don’t raise any alarms. In fact, they said the “scenario is highly unlikely to occur in real-world conditions, limiting it to individual bad actors knowingly violating laws and product warranties,” and that “the jailbreak technique identified by IOActive requires physical access to the vehicle and plate, plate removal, specialized tools, and expertise.”

The company announced it will develop the newest generation to resist hacks like Rodriguez’s.