# Researchers blind autonomous cars by tricking LIDAR



## heynow321 (Sep 3, 2015)

https://www.theregister.co.uk/2017/06/27/lidar_spoofed_bad_news_for_self_driving_cars/

if you've ever been dazzled by some idiot's high-beam driving towards you at night, you'd probably welcome a self-driving car - except one of the key "eyes", LIDAR, can also be blinded, or tricked into reacting to objects that aren't there.

LIDAR - Light Detection and Ranging - is an important self-driving vehicle technology: it gathers distances to objects by firing a pulsed laser at them and collating the reflections.

*Hocheol Shin, Dohyun Kim, Yujin Kwon, and Yongdae Kim of the Korea Advanced Institute of Science and Technology have demonstrated two kinds of attacks against LIDAR: a spoofing attack, and a saturation attack. Their work is published at the International Association for Cryptologic Research's pre-print archive here.*

While their work was in a lab, they write that the potential damage from an attack is serious.

"As per the data from UK Department for Transport, 55m is the braking distance for a car driving at 60mph. Because the braking distance is the distance required solely for braking, even autonomous vehicles have no room for checking the authenticity of the observed dots, but need to immediately activate emergency braking or evasive manoeuvres. Such sudden actions are sufficient to endanger the surrounding vehicles."

The subject for their proof-of-concept attacks was the Velodyne VLP-16sensor.

*The saturation attack is very straightforward: "By illuminating the LIDAR with a strong light of the same wavelength as that the LIDAR uses, we can actually erase the existing objects in the sensed output of the LIDAR."*

The spoofing attack was more complex: the four researchers not only gave the LIDAR an optical illusion, they made it appear closer than the device creating the illusion.

To do this, the attackers exploited two characteristics of LIDAR, one of them intrinsic to the technology, the other specific to the implementation.










Rather than capturing whole objects (as a camera does), LIDAR captures a point cloud sufficient to infer that an object is in its view (the car's computers then decide what action to take, if any). To spoof an object, the attackers only need to make the sensors respond to points of light that look like the point cloud of an object.










If the sensor only responded in a single direction (say, straight ahead), spoofing isn't much an attack, since you'd have to put your attack device in the path of the vehicle.
*
That's where the implementation comes in: the researchers noticed that the Velodyne LIDAR (and many similar devices) protect their sensors with curved glass. A laser generating a point cloud at an angle can exploit refraction to change the "apparent" direction and distance the point cloud lies in.*

"Fake dots in directions other than the direction of the attacker can be a severe threat to the victim, because the detected points have different significances according to their directions on roads", they write.
*
The researchers demonstrated a second spoofing attack: they captured the laser pulse emitted by a LIDAR, added a bit of delay, and sent back a corresponding pulse using their own laser.

The paper also points out the difficulty of defending systems against these attacks: adding technology to authenticate the perceived dots, for example, could slow things down too much in an autonomous vehicle*


----------



## Trafficat (Dec 19, 2016)

You can also blind a human driver by shining a laser in his eyes!


----------



## heynow321 (Sep 3, 2015)

You can also raise your hand against the light source and now you're not blinded anymore


----------



## Daniel Harbin (Sep 23, 2015)

You mean less blinded.


----------



## Gung-Ho (Jun 2, 2015)

Nope. Can't happen. These things are perfect. Nothing will ever go wrong...ever. Pure perfection, never fail or malfunction. Perfect in all ways.


----------



## Maven (Feb 9, 2017)

Gung-Ho said:


> Nope. Can't happen. These things are perfect. Nothing will ever go wrong...ever. Pure perfection, never fail or malfunction. Perfect in all ways.


You're far too optimistic.  Research like this is needed so that engineers can design defenses for obvious weakness and vulnerabilities of the new technology to real world attacks. Expect Legislation that will make it illegal to exploit whatever weakness and vulnerabilities remain. Of course, there are even cheaper, low-tech or no-tech methods of attack.
https://uberpeople.net/threads/hack...ss-cars-by-manipulating-what-they-see.185665/


----------



## RamzFanz (Jan 31, 2015)

And you can cut a human driven car's brake line. What's the point?


----------



## Daniel Harbin (Sep 23, 2015)

The point is the ease of doing this and the proximity of the actors. Brake lines require the car to be stopped and then some yahoo crawls under the car or opens the hood to cut the lines. With the LIDAR hack the perp is remote and can do it while the car is in motion. In addition it is accomplished in a short period of time and replicated frighteningly easy. Say a car is speeding along the freeway then the LIDAR is fooled and it causes a chain reaction with 100 other speeding cars? Suppose this is part of a nation wide terror effort on a 911 scale to snarl traffic, cause mass death and tie up police resources.


----------



## tohunt4me (Nov 23, 2015)

Maven said:


> You're far too optimistic.  Research like this is needed so that engineers can design defenses for obvious weakness and vulnerabilities of the new technology to real world attacks. Expect Legislation that will make it illegal to exploit whatever weakness and vulnerabilities remain. Of course, there are even cheaper, low-tech or no-tech methods of attack.
> https://uberpeople.net/threads/hack...ss-cars-by-manipulating-what-they-see.185665/


The cars will cost more than a Stealth Bomber !



Daniel Harbin said:


> The point is the ease of doing this and the proximity of the actors. Brake lines require the car to be stopped and then some yahoo crawls under the car or opens the hood to cut the lines. With the LIDAR hack the perp is remote and can do it while the car is in motion. In addition it is accomplished in a short period of time and replicated frighteningly easy. Say a car is speeding along the freeway then the LIDAR is fooled and it causes a chain reaction with 100 other speeding cars? Suppose this is part of a nation wide terror effort on a 911 scale to snarl traffic, cause mass death and tie up police resources.


A drone can be employed.
Remotely inserted into the field then remotely removed before detection.


----------



## Daniel Harbin (Sep 23, 2015)

Drones are becoming increasingly weaponized. Read about a drone with a thermite grenade blowing up a billion dollars worth of munitions. So for about 1 grand and some good drone piloting a billion bucks up in smoke. Hey that would make a great movie "Up In Smoke".


----------



## RamzFanz (Jan 31, 2015)

Daniel Harbin said:


> The point is the ease of doing this and the proximity of the actors. Brake lines require the car to be stopped and then some yahoo crawls under the car or opens the hood to cut the lines. With the LIDAR hack the perp is remote and can do it while the car is in motion. In addition it is accomplished in a short period of time and replicated frighteningly easy. Say a car is speeding along the freeway then the LIDAR is fooled and it causes a chain reaction with 100 other speeding cars? Suppose this is part of a nation wide terror effort on a 911 scale to snarl traffic, cause mass death and tie up police resources.


What I imagine is that the car has an entire array of sensors for redundancy and is designed to ignore anomalies from one and rely on the sensors that agree, since that's what they actually do.

These are movie script worthy outlier scenarios that no one seems apply to anything else. There have been multiple REAL attacks by driving trucks into crowds and we still have trucks and crowds. There are 1,000 easier and far more reliable ways to accomplish an attack that snarls traffic and causes havoc.

However, it's good that white-hat hackers are finding the vulnerabilities and exposing them. It only makes them stronger. SDC companies even pay rewards to them for doing so.

SDCs will almost certainly have to authenticate the returns anyways as soon enough there will be tens of thousands of LIDARs on the road that could conceivably interfere with each other. Perhaps they will use frequency hopping or verification pulses, I'm not sure, but it's not an unsolvable issue.

As far as just plain "LIDAR attack threats" go, I highly doubt they would bother with a solution as they already have reliable redundancy and the threat is exceedingly remote.


----------

