A research fellow at the University College of Cork, Ireland, has discovered a way of tricking self-driving vehicles into thinking a car, pedestrian or wall is in front of them, forcing the vehicle to take evasive action.
Jonathan Petit, who is also the principal scientist at Security Innovation, outlines in a research paper how a self-driving car’s Lidar (light detection and ranging) sensing technology can be tricked into seeing phantom objects using a home-made electronics kit costing less than $60.
In the paper, which is to be presented at the Black Hat Europe security conference in November, Petit describes how a system built with off-the-shelf components such as a Raspberry Pi or Arduino and a light-emitting laser can fool the cars from up to 330 feet. The attacks can take place from in front, from the side or behind the vehicle and without alerting the passengers. The method doesn’t even require the laser beam to be accurately focused on the Lidar unit, according to IEEE.
Petit began by recording pulses from a commercial Ibeo Lux Lidar unit. As they were not encrypted, he could access them and play them back at a later date in order to make the Lidar system believe objects were in its path.
“The only tricky part was to be synchronized, to fire the signal back at the Lidar at the right time,” said Petit. “Then the Lidar thought that there was clearly an object there […] I can spoof thousands of objects and basically carry out a denial-of-service attack on the tracking system so it’s not able to track real objects.”
Google, Lexus, Mercedes, Audi and other car manufacturers all user Lidar on their prototype driverless cars. Petit has suggested the manufacturers implement a “misbehavior detection” system that can filter out implausible objects to protect self-driving vehicles from this type of attack.
The discovery is the latest in a series of reported vulnerabilities found in modern vehicle technologies; Chrysler mailed out patches for its Jeep Cherokee security flaw on USB drives yesterday, and last year a Chinese security firm successfully hacked a Tesla Model S to take control of its systems.