Many autonomous cars use LIDAR — a kind of laser-based radar — to sense the world around them. But now a researcher has developed a simple system that can fool the devices into seeing objects where really none exist.

Spectrum reports that Jonathan Petit, from Security Innovation, has developed a system to send spurious signals toward the LIDAR sensors used in self-driving cars. Consisting of a low-power laser and a pulse generator, powered by a Raspberry Pi or Arduino, the kit can cost as little as $60 t0 make. The hardware can be used to capture the light reflections from an obstacle and then send them toward the sensors that sit on top of autonomous vehicles, as shown in the image above. He explains to Spectrum:

“I can take echoes of a fake car and put them at any location I want. And I can do the same with a pedestrian or a wall... I can spoof thousands of objects and basically carry out a denial of service attack on the tracking system so it’s not able to track real objects.”

In tests, the home-brew system worked at distances of up to 100 meters from the sensors, at all angles, and didn’t always require a direct hit of the device to achieve its goal. It could in theory be used to slow autonomous cars by fooling them into thinking objects were sat in the middle of the road—or even paralyze their systems with the kind of DDoS attack that Petit refers to.

Petit claims that manufacturers of such LIDAR sensors — including the likes of IBEO and Velodyne — haven’t thought enough about the possibility of such attacks. In theory it should be possible to encrypt or encode the signals to overcome such a problem but currently such processes aren’t in place—making synchronization of the pulses the only real challenge.

Right now the problem won’t affect too many people. But it’s a reminder that security should be a significant concern for auto-makers—and it’s time for them to do something about it.


Image by Google