A simple off-the-shelf laser pointer could be combined with a very basic computer to disrupt the multithousand-dollar laser ranging, or Lidar, systems installed in most self-driving cars, a security researcher warned last week.
A setup that costs about US$60 could trick the Lidar system, which autonomous vehicles use to sense objects in the road, into responding as though there were obstacles ahead in situations where there were none, said Jonathan Petit, principal scientist at Security Innovation.
That type of hack wouldn’t cause the driverless car to crash, but it could force the vehicle to slow down or even stop. In a worst-case scenario, the spurious signals could force an autonomous vehicle to remain stationary due to its sensing of phantom obstacles.
Petit, who recently joined Security Innovation, co-authored a paper describing a proof-of-concept attack, based on experiments carried out while he was a research fellow at the University of Cork’s Computer Security Group. The paper, “Potential Cyberattacks on Automated Vehicles,” by Petit and Steven E. Shladover, who was a master’s student at the university when he worked on the project, is slated for presentation at the Black Hat Europe security conference in November.
The researchers sought to test the vulnerabilities of autonomous vehicles — notably their sensors, which appeared to be the technologies most susceptible to a simple attack. To actually hack the systems, they developed a simple setup that included a low-power laser and a pulse generator.
In previous research, hackers had attempted to spoof a self-driving car’s GPS devices or wireless tire sensors. However, the Cork team aimed to create a problem by making the sensors detect something that actually wasn’t there.
“The outcome was to create fake objects that would be detected by the Lidar system,” Petit told TechNewsWorld.
The sensors in the system rely on a classifier to determine what an object might be, he added.
“All these sensors will detect noise, and nothing is 100 percent reliable, but if the Lidar picked up some reflections, it will basically try to do a check and determine if there is in fact a problem,” Petit explained.
The hack affects the Lidar system only. Cameras and other vehicle sensors used to confirm that there is in fact an object ahead are unaffected.
Short- and Long-Term Hacks
When a phantom object is detected, the car may exhibit both short- and long-term responses. The short-term reaction may be nothing more than an unnecessary stop. However, a system that’s tricked into believing there’s a blockage in the road could change the car’s plotted course and take an alternate route, possibly affecting affect the trip in the long term.
“This all depends on how the system reacts to what it sees ahead,” noted Petit. “The outcome depends on sensor fusion” — that is, combining sensory data that has been derived from disparate sources, which reduces uncertainty.
“A camera could check the data,” Petit explained, “but we know that an attacker could also target the other sensors. The concern is that if there are too many false positives, systems will be shut down one by one, and then the damage that any one attack can do is worse.”