Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Hacks Self-Driving Car Sensors

Posted by samzenpus on from the take-the-wheel dept.

An anonymous reader writes: Jonathan Petit, security researcher at Security Innovation, has created an electronics kit that costs only $60, which can flood LiDAR sensors on self-driving cars with a laser beam that contains fake data, making them think they have objects in front of them. This forces the self-driving car to slow down and sometimes abruptly stop. Affected cars include all manufacturers that deploy LiDAR sensors. As of now, Google and Apple are affected. According to this article, so may be Toyota's upcoming car.

30 of 122 comments (clear)

  1. Throwing a puppy in front of the car by prasadsurve · · Score: 4, Insightful

    Throwing a puppy in front of the car will also achieve the same result.

    1. Re:Throwing a puppy in front of the car by JaredOfEuropa · · Score: 4, Funny

      For better results: puppies with frikkin' lasers attached to their adorable little heads.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:Throwing a puppy in front of the car by michelcolman · · Score: 3, Interesting

      Yes, but you will be seen doing it. With this hack, you just need to be somewhere within eyesight, for example on the second floor of some building the car's driving by. You can stop any car you see if you can just target its lidar from a distance. You don't have to be in front of it to make it think there's something there.

    3. Re:Throwing a puppy in front of the car by coofercat · · Score: 2

      ...or throw an empty supemarket plastic bag into the wind. Humans will identify and pretty much ignore it, but the automated systems will see a large object 'flying' in the path of the vehicle and will slow/stop/avoid.

      All this tech is really cool - I mean really cool, but it's still got a long way to go before it's absolutely better than a human in all cases.

    4. Re:Throwing a puppy in front of the car by maeka · · Score: 2

      You don't have to be in front of it to make it think there's something there.

      Uh, yes you do.

      This device fools the sensor's range measurement, not the sensor's angle measurement.

      So go right ahead a fake an obstacle above the car...

    5. Re:Throwing a puppy in front of the car by AmiMoJo · · Score: 2

      I'd expect that by the time self-driving cars are available to buy/rent, they will have developed to the point that even when lidar is temporarily unavailable they can continue with other sensors. Tesla already do 90% of what is needed to drive a car without lidar, it's just that last 10% that is tricky. When cruising along the lidar isn't so important, the car wouldn't need to stop quickly just because one of its many sensors was blinded for a few seconds.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Thats the usual problem with any radar system. by Anonymous Coward · · Score: 2, Interesting

    Nearly all of them (from sonar, radar, lidar...) all are susceptible to various interference techniques.

    The only ones that exist that I'm sure are NOT directly affected are used by whales, dolphins, bats... They can be overpowered causing problems... but at the operational strength none seem affected even though they are using the same frequencies.

    Even normal drivers are affected by having lights shined into their eyes... (which happens to be why it is illegal to aim laser pointers at aircraft or cars).

    1. Re:Thats the usual problem with any radar system. by arglebargle_xiv · · Score: 5, Insightful

      Nearly all of them (from sonar, radar, lidar...) all are susceptible to various interference techniques.

      For LIDAR it's actually not that hard to counter, instead of emitting a continuous series of pulses you emit a pseudrandom sequence. Anything that comes back that's out-of-sequence gets rejected. Since the attacker can't predict the sequence, they can't send back fake signals in the same order (assuming you're not using a crappy random number generator).

    2. Re: Thats the usual problem with any radar system. by arglebargle_xiv · · Score: 4, Interesting

      Remember that you're dealing with something moving at the speed of light here, combined with short distances, so the delays are so minute that you need exotic techniques like optical heterodyne detection at the receiver to measure nanosecond-level differences. In fact I'm surprised the replay attack worked at all, I'm guessing the receivers were incredibly permissive in how they treat incoming signals, given that you'd (theoretically) need nanosecond-level synchronisation for it to work.

    3. Re: Thats the usual problem with any radar system. by Capt.Albatross · · Score: 3, Interesting

      > I'm guessing the receivers were incredibly permissive in how they treat incoming signals.

      I would not be at all surprised, as this technology is, or was until recently, in development.

      First making it work and then hardening it is not a bad strategy, as long as you actually do the latter - and it is a good idea to think about how you would do it before you need to.

    4. Re: Thats the usual problem with any radar system. by asvravi · · Score: 2

      It is correct that a pseudo random sequence (either LiDAR or Radar or SONAR) can offset this to some extent. I imagine the receiver already has some kind of heterodyning (synchronous mixing or counting) to detect the ranging delays in a continuous stream of uniform pulses. I also imagine the hack used here uses a synchronous emission - ie; detects the incoming pulse and emits a suitably phased identical pulse in the next cycles that would seem to be coming from a nearby obstacle with a lesser delay. A pseudo random sequence can counter such a synchronous emission since the attacker has no way of knowing the delay of the next pulse in respect to the currently received one. The synchronous emission essentially should show up as background noise.

    5. Re:Thats the usual problem with any radar system. by dotancohen · · Score: 4, Insightful

      For LIDAR it's actually not that hard to counter, instead of emitting a continuous series of pulses you emit a pseudrandom sequence. Anything that comes back that's out-of-sequence gets rejected. Since the attacker can't predict the sequence, they can't send back fake signals in the same order (assuming you're not using a crappy random number generator).

      I'm pretty sure that's how the Enterprise D was destroyed. Just make sure that the LIDAR frequency isn't displayed prominently on the dashboard.

      --
      It is dangerous to be right when the government is wrong.
  3. Informative by monkeyxpress · · Score: 4, Insightful

    Great. I now know that a company called ‘security innovations’ is basically a front for a bunch of marketing and PR muppets who will sell you some snake oil attached to whatever is the latest media feeding frenzy using fear and misinformation.

    I could go down to my local motorway junction with a pocket full of laser pointers right now and cause a whole lot of human-driven cars to have to slow down and enter a safety mode. I'm pretty sure I would get arrested for doing this, and I doubt the outcome for someone doing this to driverless cars will be any different. No doubt it will be drones with lasers next week.

    1. Re:Informative by Dog-Cow · · Score: 2

      Drones with shark bodies, of course.

  4. Yet another attack vector by flux · · Score: 3, Insightful

    You can buy a simple point laser for less, for hacking the visual systems of the human driverâ"hopefully making the driver stop, but maybe at times not.

    But the attack itself seems interesting, though it seems it is possible to fix the issue with new hardware. Good research!

    1. Re:Yet another attack vector by Derekloffin · · Score: 5, Interesting

      Indeed. While this might be interesting in the future, as is it is kinda a 'so what' kind of thing. Human drivers are even more easy to disorient and in generally far more seriously, and the car is just slowing down or coming to a halt, something you can also accomplish with putting a cheap obstacle in its path. Now, if they can get it to speed up or ignore obstacles then that would be concerning.

    2. Re:Yet another attack vector by michelcolman · · Score: 2

      In the article they say that the pulses are not encoded or encrypted. Interesting, lidar works with very short pulses of laser light, how would one go about encoding or encrypting those? Is that even possible? Honest question, not saying it can't be done.

  5. Apple is effected? by SeaFox · · Score: 4, Insightful

    [citation needed]

    At this point, Apple's auto project is still officially rumor and the idea of it being self-driving, and using LIDAR technology, has not been confirmed either.

  6. This sort of thing will be a problem by Viol8 · · Score: 2

    Hopefully not with puppies! But you can just imagine kids pissing about pushing stuff in front of self driving cars and watching them do an emergency stop then just standing in front so it won't move and giving the occupants the finger. And to anyone who says they won't - kids already play chicken with human driven cars.

    1. Re:This sort of thing will be a problem by Sqr(twg) · · Score: 3, Insightful

      Exactly. Why would anyone spend $60 on electronics that (only) stops self-driving cars? If you need to stop cars for legitimate reasons, then a "stop" sign is sufficient. Self-driving cars are programmed to stop in a safe way when they encounter one of those (as are human drivers). If you want to stop cars because you're an asshole, then any reasonably large object will work on both self-driving and human-driven cars.

    2. Re:This sort of thing will be a problem by AchilleTalon · · Score: 3, Insightful

      There is jail and police for these kids. The real problem is not with kids, it is with car hijackers, thefts and other criminals. Kids can be handled easily with the appropriate level of repression.

      --
      Achille Talon
      Hop!
    3. Re: This sort of thing will be a problem by WhatHump · · Score: 2

      Why would anyone buy a laser pointer and shine it in a pilot's eyes? Same answer - because he can.

      --
      "Could be worse...could be raining." Igor
  7. Vehicles interfering with each other? by wvmarle · · Score: 3, Interesting

    So LiDAR sends out a laser beam, then looks at reflections. It makes sense this can be flooded - just pick up the signal and send it back amplified, and it seems there's something really close. I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

    This makes me wonder. Would it be possible for cars to pick up signals from other cars, and react to them?

    Anything to prevent this from happening - and so also prevent such a disturbance attack from working?

    1. Re:Vehicles interfering with each other? by maeka · · Score: 2

      I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

      There are both time and phase-detect lidar systems on the market.

    2. Re:Vehicles interfering with each other? by swillden · · Score: 2

      I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

      They're not. It wouldn't work since the amplitude of reflections depends too much on the material, which the system doesn't know. As maeka mentioned, they use either direct time measurement or phase detection.

      The timing really isn't a problem. Most off-the-shelf CPUs are easily capable of nanosecond-level time measurement and given that light travels about one foot in a nanosecond, they could give you roughly six-inch ranging accuracy. So it's not hard to create purpose-built timing circuits that can measure in the 10-100 picosecond range. For example this timer released in 2006 can measure time intervals up to 40sec in duration with a 10 psec resolution, which provides laser ranging accuracies of +-1 mm out to a distance of 1500m. I don't think there are yet any off-the-shelf femtosecond-precision timers, but I'm sure there will be within a few years, providing laser rangers with micrometer-level measurement.

      We're accustomed to thinking of light as moving so fast that it's instantaneous across "human" distances. But that's only true at human timescales.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Vehicles interfering with each other? by swillden · · Score: 2

      Well, early RADAR didn't measure range, it just gave a bearing. Then later generations used multiple receivers to triangulate to get ranging. Then they started measuring pulse return times, but at much larger distances than are practical with light, so timing didn't have to be as precise.

      But, yes, if you were measuring the same sorts of distances that LIDAR does for self-driving cars, RADAR would have precisely the same timing requirements.

      (Note that speed measurement RADAR guns don't actually need precise timing requirements because they don't measure distances. They measure the doppler shift by adding the return signal to the generated signal and looking for the peaks of the constructive interference, the "beats". That's a much easier measurement problem.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  8. A puppy is a REAL reason to stop by Anonymous Coward · · Score: 3, Insightful

    These are no reason to stop for this confused signal, while a puppy is a real reason. The two situations are thus not comparable.

    To be clear why, what if the signal is not of malicious intent? What if its a laser from another self driving car? What if its a laser used for other purposes? Like 3D mapping, lights shows or games?

    So they have to encode their signals so they can tell their signals from others signals.

  9. Not really news by Chrisq · · Score: 4, Informative

    It's possible to stop trains with even cheaper kits, and this hasn't been a major problem.

  10. Not concerned by jeti · · Score: 2

    This sounds less dangerous than throwing a rock off a bridge.

  11. Friendly vs. unfriendly environment by gweihir · · Score: 5, Insightful

    Ordinary engineering and typical engineers assume a friendly environment, i.e. the absence of intentional sabotage and hacking. This state of affairs is not true with globally networked infrastructure and sensors operating outside of protected spaces. What these people lack is what Bruce Schneier calls "the security mind-set". It involves not only thinking about how things can be made to work, but also how they can be intentionally broken and subverted. Having it is critical. That most people designing software and software-driven systems these days do not have it the main reason why IT security is in such an abysmally bad state these days.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.