At Black Hat Europe, a speaker will show to trick an self-driving car into stopping for things that don’t exist. Jonathan Petit will show remote attacks on camera-based system and LiDAR using cheap hardware that can spoof LiDAR systems costings thousands of dollars. Results from laboratory experiments show effective blinding, jamming, replay, relay, and spoofing attacks.
With about $60 in hardware Petit was able to create fake echos of a complete car and beam them to a location to trick an Ibel LiDAR laser scanner. He can also create a ghost pedestrian or wall from 50 to 100 feet away. The device is a consists of a laser pointer and pulse generator.
Petit recorded the pulses for the LiDAR unit that are not encrypted and plays them back at another time.
The same device could be used to blind a human driver, just by shining a strong laser pointer in their eyes.
Petit proposes software and hardware countermeasures that improve sensors resilience against these attacks. As such, sensors are also deployed in today’s cars for advanced driver assistance systems (ADAS), however th3e results have a short-term relevancy beyond automated driving.
Autonomous automated vehicles are equipped with multiple sensors (LiDAR, radar, camera, etc.) enabling local awareness of their surroundings. A fully automated vehicle will solely rely on its sensors readings to make short-term (i.e. safety-related) and long-term (i.e. planning) driving decisions. In this context, sensors have to be robust against intentional or unintentional attacks that aim at lowering sensor data quality or alter sensor input to disrupt the automation system.
Jonathan Petit is a Principal Scientist for Security Innovation, Inc. He is in charge of leading projects in security and privacy of automated and connected vehicles. Previously, he was a Research Fellow in the Computer Security Group and The Mobile & Internet Systems Laboratory at University College Cork, Ireland.