ZoZ Brooks’ talk during SEC-T 2018 is a good summary of attacks on sensors used in driverless vehicles, such as GPS, lidars, cameras, millimetre wave radars, etc. The talk is over an hour long, and while it is interesting to watch, for those of you with little time to spare the vulnerability part starts at 00:23:00.
A few highlights:
While not too easy, GPS spoofing is possible (and tools that make it easier can be purchased online). For example, a fake GPS source can be moved relative to the vehicle in a way that makes the vehicle believe that it itself is moving in a certain direction, allowing a hacker to control which position the vehicle (believes it) is at. Drone POC can be seen in Paolo Stagno’s talk from the same conference (A Drone Tale, All Your Drone Are Belong To US). Iran claims that this is how they caught RQ7 military drone, however ZoZ states that this is most likely not true since the signal used in RQ7 is encrypted, and also not used as primary sensor.
Lidars, often used for collision avoidance and map building, can also be hacked. Blasting the lidar with a ray of light at a right frequency (infra-red for example) prevents return of useful signals. Interestingly, if the light source is a bit weaker the attack can instead cause false positives (see Illusion and Dazzle: Adversarial Optical Channel Exploits Against Lidars for Automotive Applications by Shin, Kim, Kwon and Kim, or a more easy to read article published in The Register). Active spoofing can also be done quite easily, for example by painting a “tunnel” on a wall using absorbing paint, or using reflective surfaces (e.g. water) on the ground that would make faraway objects look closer (and smaller).
On the recent increase of articles about how deep learning recognition models can be tricked with very little noise (see Robust Physical-World Attacks on Deep Learning Visual Classification or a more easy to read article in All About Circuits) ZoZ reminds us that this research is usually done by AI researchers who know how the algorithms are designed, and that it would be much more difficult if it had been a black box example.
Written by Ana Magazinius, RISE Viktoria.
