Researcher Hacks Self-Driving Car Sensors

An anonymous reader writes: Jonathan Petit, security researcher at Security Innovation, has created an electronics kit that costs only $60, which can flood LiDAR sensors on self-driving cars with a laser beam that contains fake data, making them think they have objects in front of them. This forces the self-driving car to slow down and sometimes abruptly stop. Affected cars include all manufacturers that deploy LiDAR sensors. As of now, Google and Apple are affected. According to this article, so may be Toyota's upcoming car.

Throwing a puppy in front of the car

[prasadsurve]

Throwing a puppy in front of the car will also achieve the same result.

Re:Throwing a puppy in front of the car

[JaredOfEuropa]

For better results: puppies with frikkin' lasers attached to their adorable little heads.

Re:

[davester666]

Many of them keep sharks as pets for just this reason. And to be ready for then the gov't comes to take their computers away.

This sort of thing will be a problem

[Viol8]

Hopefully not with puppies! But you can just imagine kids pissing about pushing stuff in front of self driving cars and watching them do an emergency stop then just standing in front so it won't move and giving the occupants the finger. And to anyone who says they won't - kids already play chicken with human driven cars.

Re:This sort of thing will be a problem

[Sqr(twg)]

Exactly. Why would anyone spend $60 on electronics that (only) stops self-driving cars? If you need to stop cars for legitimate reasons, then a "stop" sign is sufficient. Self-driving cars are programmed to stop in a safe way when they encounter one of those (as are human drivers). If you want to stop cars because you're an asshole, then any reasonably large object will work on both self-driving and human-driven cars.

Re:

[Noughmad]

And if it's not a legitimate reason, the car has ways to try to shut the whole thing down.

Re:

[gunslnger]

I think you're missing the point. Why would someone carry around a reasonably large object that would get them noticed when they could have a small piece of electronics?

Re: This sort of thing will be a problem

[WhatHump]

Why would anyone buy a laser pointer and shine it in a pilot's eyes? Same answer - because he can.

Re:This sort of thing will be a problem

[AchilleTalon]

There is jail and police for these kids. The real problem is not with kids, it is with car hijackers, thefts and other criminals. Kids can be handled easily with the appropriate level of repression.

Re: This sort of thing will be a problem

[Anonymous Coward]

More concerned about the police using (abusing) this to remotely shut down cars.

They already can

[Anonymous Coward]

Any vehicle with an OnStar system provides the means to remotely disable it.

"push-button pile-ups"

[careysb]

We're headed towards the age of "push-button pile-ups". (There, I coined a new phrase. Now go viral).

Re:

[Anonymous Coward]

Pretty sure the LIDAR would work fine there, but also pretty sure any self driving car would hit an exception case and just park.

Re:

[MrL0G1C]

People don't go flashing bright lights into drivers eyes. People don't jam GPS signals, people don't jam radio signals, people don't throw poison into water supplies. And people won't spend thousands and wonder round shining high-tech lasers into cars.

Re:

[Plumpaquatsch]

Hopefully not with puppies! But you can just imagine kids pissing about pushing stuff in front of self driving cars and watching them do an emergency stop then just standing in front so it won't move and giving the occupants the finger. And to anyone who says they won't - kids already play chicken with human driven cars.

Hey, that would be an improvement on kids throwing heavy objects off of bridges, sometimes killing occupants. Or using laser-pointers.

Re:

[Applehu Akbar]

"watching them do an emergency stop then just standing in front so it won't move and giving the occupants the finger."

For autodrive cars that stray sufficiently far downtown, this will be how they get jacked.

Re:

[dave420]

And the car-jackers get a car which will drive them to the nearest police station free of charge. I don't see your point.

Plus where the hell do you live where car jacking is still a thing? Robocop's Detroit in the 80s?

Re:

[Anonymous Coward]

But with this you can do it from a much greater distance away, without getting caught!

Re:

[michelcolman]

Yes, but you will be seen doing it. With this hack, you just need to be somewhere within eyesight, for example on the second floor of some building the car's driving by. You can stop any car you see if you can just target its lidar from a distance. You don't have to be in front of it to make it think there's something there.

Re:

[maeka]

You don't have to be in front of it to make it think there's something there.

Uh, yes you do.

This device fools the sensor's range measurement, not the sensor's angle measurement.

So go right ahead a fake an obstacle above the car...

Re:

[michelcolman]

I thought it just treated whatever echo it got as originating from its last sent pulse, determining the angle that way. An echo reveived shortly after sending a pulse forward, would indicate an object dead ahead. But apparently the sensor is revolving as well? Or is it a kind of camera that registers the location of the echos as well?

Re:

[maeka]

lidar sensors typically spin on both axis.

Re:

[AmiMoJo]

I'd expect that by the time self-driving cars are available to buy/rent, they will have developed to the point that even when lidar is temporarily unavailable they can continue with other sensors. Tesla already do 90% of what is needed to drive a car without lidar, it's just that last 10% that is tricky. When cruising along the lidar isn't so important, the car wouldn't need to stop quickly just because one of its many sensors was blinded for a few seconds.

Re:

[minstrelmike]

... When cruising along the lidar isn't so important, the car wouldn't need to stop quickly just because one of its many sensors was blinded for a few seconds.

You're thinking like a software person. This is hardware. If your Lidar is only 90% sure of what's in front of you, should you stop or keep going and possibly crash into something or kill a pedestrian? I know what the company lawyers would say.

A puppy is a REAL reason to stop

[Anonymous Coward]

These are no reason to stop for this confused signal, while a puppy is a real reason. The two situations are thus not comparable.

To be clear why, what if the signal is not of malicious intent? What if its a laser from another self driving car? What if its a laser used for other purposes? Like 3D mapping, lights shows or games?

So they have to encode their signals so they can tell their signals from others signals.

Re:

[rogerbly]

Standby for a brief poetry break!

Your Dog Dies
by Raymond Carver

it gets run over by a van.
you find it at the side of the road
and bury it.
you feel bad about it.
you feel bad personally,
but you feel bad for your daughter
because it was her pet,
and she loved it so.
she used to croon to it
and let it sleep in her bed.
you write a poem about it.
you call it a poem for your daughter,
about the dog getting run over by a van
and how you looked after it,
took it out into the woods
and buried it deep, deep,
and that poem turns o

Re:

[tehcyder]

A puppy is a real reason to stop, or swerve, only if you can do so safely.

You should always be driving safely, which is to say defensively. Riding a motorcycle for a while soon knocks this habit into you.

Re:

[coofercat]

...or throw an empty supemarket plastic bag into the wind. Humans will identify and pretty much ignore it, but the automated systems will see a large object 'flying' in the path of the vehicle and will slow/stop/avoid.

All this tech is really cool - I mean really cool, but it's still got a long way to go before it's absolutely better than a human in all cases.

Re:

[firewrought]

Yes, but this could let you throw puppies in front of hundreds of cars all at once. Interstate cloverleafs would be particularly vulnerable under the right weather and traffic conditions. Two bored teens could rack up dozens of deaths and millions of damages, and while that's probably "only" 10x the damage they could do with a brick and an overpass, the psychological impact on the population would be tremendous.

I'd much rather manufacturers build thorough defenses before any lives are lost than for legi

Thats the usual problem with any radar system.

[Anonymous Coward]

Nearly all of them (from sonar, radar, lidar...) all are susceptible to various interference techniques.

The only ones that exist that I'm sure are NOT directly affected are used by whales, dolphins, bats... They can be overpowered causing problems... but at the operational strength none seem affected even though they are using the same frequencies.

Even normal drivers are affected by having lights shined into their eyes... (which happens to be why it is illegal to aim laser pointers at aircraft or cars).

Re:Thats the usual problem with any radar system.

[arglebargle_xiv]

Nearly all of them (from sonar, radar, lidar...) all are susceptible to various interference techniques.

For LIDAR it's actually not that hard to counter, instead of emitting a continuous series of pulses you emit a pseudrandom sequence. Anything that comes back that's out-of-sequence gets rejected. Since the attacker can't predict the sequence, they can't send back fake signals in the same order (assuming you're not using a crappy random number generator).

Re: Thats the usual problem with any radar system.

[mangobrain]

But doesn't LiDAR detect depth variance by the variance in response time to pulses? That is, you can't reject unexpected responses because you don't know when to expect them in the first place. If you knew, you would already know your surroundings, and wouldn't be measuring them!

Re: Thats the usual problem with any radar system.

[arglebargle_xiv]

Remember that you're dealing with something moving at the speed of light here, combined with short distances, so the delays are so minute that you need exotic techniques like optical heterodyne detection at the receiver to measure nanosecond-level differences. In fact I'm surprised the replay attack worked at all, I'm guessing the receivers were incredibly permissive in how they treat incoming signals, given that you'd (theoretically) need nanosecond-level synchronisation for it to work.

Re: Thats the usual problem with any radar system.

[Capt.Albatross]

> I'm guessing the receivers were incredibly permissive in how they treat incoming signals.

I would not be at all surprised, as this technology is, or was until recently, in development.

First making it work and then hardening it is not a bad strategy, as long as you actually do the latter - and it is a good idea to think about how you would do it before you need to.

Re:

[HiThereImBob]

> I'm guessing the receivers were incredibly permissive in how they treat incoming signals.

I would not be at all surprised, as this technology is, or was until recently, in development.

First making it work and then hardening it is not a bad strategy, as long as you actually do the latter - and it is a good idea to think about how you would do it before you need to.

Does this really require hardening? For far less than $60 I could make a laser that permanently blinds human drivers. Should we require laser resistant windshields in all cars or maybe just arrest anyone stupid enough to aim a laser at traffic?

Re:

[StikyPad]

Laser-resistant windshields!!!

Re:

[asvravi]

It is correct that a pseudo random sequence (either LiDAR or Radar or SONAR) can offset this to some extent. I imagine the receiver already has some kind of heterodyning (synchronous mixing or counting) to detect the ranging delays in a continuous stream of uniform pulses. I also imagine the hack used here uses a synchronous emission - ie; detects the incoming pulse and emits a suitably phased identical pulse in the next cycles that would seem to be coming from a nearby obstacle with a lesser delay. A pseud

Re:

[Agripa]

Techniques for nanosecond (and better) level synchronization are obscure but not difficult; they involve various methods of interpolation which avoids the need for fast digital clocks.

Latency is a problem however. Instead of using high speed circuits it is easier to measure the time between triggers and uses this to generate the false response based on the previous trigger; the false response can then be accurately sent even before the pulse is received. This suggests an easy countermeasure; randomize or

Re:

[Agripa]

If I were doing it, I would look at the distribution and randomize the time between pulses. Integration then averages out the spoofed responses while strengthening the real ones.

Re:Thats the usual problem with any radar system.

[dotancohen]

For LIDAR it's actually not that hard to counter, instead of emitting a continuous series of pulses you emit a pseudrandom sequence. Anything that comes back that's out-of-sequence gets rejected. Since the attacker can't predict the sequence, they can't send back fake signals in the same order (assuming you're not using a crappy random number generator).

I'm pretty sure that's how the Enterprise D was destroyed. Just make sure that the LIDAR frequency isn't displayed prominently on the dashboard.

Informative

[monkeyxpress]

Great. I now know that a company called ‘security innovations’ is basically a front for a bunch of marketing and PR muppets who will sell you some snake oil attached to whatever is the latest media feeding frenzy using fear and misinformation.

I could go down to my local motorway junction with a pocket full of laser pointers right now and cause a whole lot of human-driven cars to have to slow down and enter a safety mode. I'm pretty sure I would get arrested for doing this, and I doubt the outcome for someone doing this to driverless cars will be any different. No doubt it will be drones with lasers next week.

Re:

[Dog-Cow]

Drones with shark bodies, of course.

Re:

[tlhIngan]

Great. I now know that a company called âsecurity innovationsâ(TM) is basically a front for a bunch of marketing and PR muppets who will sell you some snake oil attached to whatever is the latest media feeding frenzy using fear and misinformation.

It's the way the industry works. If something is coming up and it's going to affect your core business, you have to react. And even if you have no science on your side, you do what has been done since the days of tobacco - you introduce doubt. Doubt the s

Re:

[sectokia]

Yep same thing, this is not news worthy.... File this under obvious.

Yet another attack vector

[flux]

You can buy a simple point laser for less, for hacking the visual systems of the human driverâ"hopefully making the driver stop, but maybe at times not.

But the attack itself seems interesting, though it seems it is possible to fix the issue with new hardware. Good research!

Re:Yet another attack vector

[Derekloffin]

Indeed. While this might be interesting in the future, as is it is kinda a 'so what' kind of thing. Human drivers are even more easy to disorient and in generally far more seriously, and the car is just slowing down or coming to a halt, something you can also accomplish with putting a cheap obstacle in its path. Now, if they can get it to speed up or ignore obstacles then that would be concerning.

Re:

[michelcolman]

In the article they say that the pulses are not encoded or encrypted. Interesting, lidar works with very short pulses of laser light, how would one go about encoding or encrypting those? Is that even possible? Honest question, not saying it can't be done.

Re:

[tburkhol]

Interesting, lidar works with very short pulses of laser light, how would one go about encoding or encrypting those? Is that even possible?

Since timing is important, you just emit your pulses at random intervals and only pay attention to reflections within a relevant response window.

Re:

[michelcolman]

That is indeed a logical solution. But that's not really "encoding" or "encrypting" which the article seemed to suggest ("The pulses were not encoded or encrypted, which allowed him to simply replay them at a later point")

Apple is effected?

[SeaFox]

[citation needed]

At this point, Apple's auto project is still officially rumor and the idea of it being self-driving, and using LIDAR technology, has not been confirmed either.

Re:

[SeaFox]

Dammit. I typed "effected" instead of "affected" when I quoted a line from the summary. -__-'

Re:

[michelcolman]

Apple is not mentioned in the article, only in the summary. I think it's quite an amusing little addition, made me chuckle.

Re:

[swb]

I doubt it matters, Apple isn't likely to enter the car business as an automaker anyway. This project is likely more about generating PR and building a futuristic car as a means to figure out how they can inject themselves into the cars of the future as a supplier.

Re:

[michelcolman]

I think I agree. Making a car is hard. Joining the patent pool is a lot easier and just as lucrative. They may just be developing software and hardware to sell to actual automakers.

They still haven't gotten around to making TV sets either, just the little Apple TV box that sits underneath.

Re:

[swb]

Ford lists $53 billion in property, plants and equipment on their balance sheet and a gross profit margin of about 15%.

Apple probably couldn't outsource the assembly of a car, they would have to make a major capital investment in assembly facilities. While they have the cash to do so, it doesn't seem likely that they would see this as a good business decision given the size of the investment and the low margin returns in the industry as a whole.

Vehicles interfering with each other?

[wvmarle]

So LiDAR sends out a laser beam, then looks at reflections. It makes sense this can be flooded - just pick up the signal and send it back amplified, and it seems there's something really close. I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

This makes me wonder. Would it be possible for cars to pick up signals from other cars, and react to them?

Anything to prevent this from happening - and so also prevent such a disturbance attack from working?

Re:

[wonkey_monkey]

I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

That sounds like a terrible idea. What happens if two objects reflect different amounts of laser light?

Light may be "very fast" but we're very good at measuring it [amazon.co.uk].

Re:

[maeka]

I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

There are both time and phase-detect lidar systems on the market.

Re:

[maeka]

It makes sense this can be flooded

Flooding is very possible.

- just pick up the signal and send it back amplified, and it seems there's something really close.

But what you're describing there is impossible. By the time the light reaches you, the attacker, it is too late to create a false target which appears closer than you (assuming a time-detect lidar system). An attack must presuppose and be delivered before the target pulses are sent from the transmitter.

Re:

[swillden]

I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

They're not. It wouldn't work since the amplitude of reflections depends too much on the material, which the system doesn't know. As maeka mentioned, they use either direct time measurement or phase detection.

The timing really isn't a problem. Most off-the-shelf CPUs are easily capable of nanosecond-level time measurement and given that light travels about one foot in a nanosecond, they could give you roughly six-inch ranging accuracy. So it's not hard to create purpose-built timing circuits that can meas

Re:

[swillden]

Well, early RADAR didn't measure range, it just gave a bearing. Then later generations used multiple receivers to triangulate to get ranging. Then they started measuring pulse return times, but at much larger distances than are practical with light, so timing didn't have to be as precise.

But, yes, if you were measuring the same sorts of distances that LIDAR does for self-driving cars, RADAR would have precisely the same timing requirements.

(Note that speed measurement RADAR guns don't actually need prec

Re:

[wvmarle]

OK, OK so I made some technical errors in the first part of my post. That's understood, thanks for the replies.

Now I'd still love to hear whether car-car interference is possible, or why not, or how it could be prevented.

Not really news

[Chrisq]

It's possible to stop trains with even cheaper kits [railway-technical.com], and this hasn't been a major problem.

Not concerned

[jeti]

This sounds less dangerous than throwing a rock off a bridge.

This is a hack?

[Anonymous Coward]

So he floods the sensors with bad data, and the car stops safely...what is the issue here exactly?

Guy wastes his time developing a high tech way of making the car stop, when much simpler and cheaper ways are available?

Language

[argStyopa]

It's a tech-specific site, could we at least use tech-specific jargon correctly?
Hacking implies breaking into or somehow achieving a level of control. He didn't do that at all, he merely confused the sensors with a false-positive return, something long-since know in the elint world as "spoofing".

This researcher "hacked" nothing, he "spoofed" them.

Re:

[Anonymous Coward]

Listen, we lost the hacking/cracking war, and you'll lose this war too. Hacking is now an official media buzzword for "doing stuff". e.g.

I hacked my car by reinflating the tyres to the right pressure
I hacked my alarm to go go off at 7.30 today
I hacked my car door to open when I pull the handle firmly

Re:

[slinches]

That's exactly what I'd expect from tech journalists, a bunch of hacks.

Re:

[argStyopa]

What do I know, I still think there's actually a difference between a "drone" and "any remotely-controlled aircraft".

A useful application

[onthemightofprinces]

In other news, screaming into someone's ear when they're not expecting it might just make them jump.

Friendly vs. unfriendly environment

[gweihir]

Ordinary engineering and typical engineers assume a friendly environment, i.e. the absence of intentional sabotage and hacking. This state of affairs is not true with globally networked infrastructure and sensors operating outside of protected spaces. What these people lack is what Bruce Schneier calls "the security mind-set". It involves not only thinking about how things can be made to work, but also how they can be intentionally broken and subverted. Having it is critical. That most people designing software and software-driven systems these days do not have it the main reason why IT security is in such an abysmally bad state these days.

Breaking news: Hackers hack human sensors

[iceco2]

They forced a self driving car to stop, wow. Is it any harder to blind a human driver causing him to hit the breaks?
Use a search light or lasers, or a pretty woman flashing her breasts.
This is hardly a "hack" and definitely not a weakness of self driving cars compared to the human variant.

Tinfoil

[WPIDalamar]

Just put tinfoil over your sensors. Problem solved.

Old tech

[Lumpy]

You can buy those to flood the front of your car to screw with police LIDAR so they cant get a reading on you or they only read 0. Except mine has a 1 mile range.

for $60, is he doing it from 1 mile down the road? I bet his only works from a hundred feet away.

$60?

[DrXym]

It would be trivial and cheap to halt these cars - a box, a trash bag, or a bit of carpet would probably do the trick for $0. A fact which I'm sure criminals would soon figure out, assuming such vehicles ever see the light of day.

Manual cars suffer from a related vulnerability

[nneonneo]

Manual car sensors can also be hacked! Shining bright lights at the windshield, especially in nighttime driving conditions, incapacitates the optical sensor of a manually-driven car. Worse, unlike self-driving cars, manual cars behave erratically or unpredictably in these conditions. Even worse, all cars are equipped with hardware that can generate these bright lights, meaning that any car can attack any other manual car in vision range.

Cars are doomed!

Re:

[account_deleted]

Comment removed based on user account deletion

business v tech

[Smiddi]

Its the standard business versus technology model: Rush to market THEN consider the security and privacy implications.

Recent development in Laser optomechanics is a fix

[Daniel Matthews]

Plus a bit of coding (literally) on the pulses, and given the new units will be so small more than one operating out of phase should allow for majority decisions that override a minority of jammed channels.

Not sure how affected Google is going to be given Ray already knows about this,

http://www.kurzweilai.net/new-... [kurzweilai.net]

http://www.nature.com/articles... [nature.com]

Basketball

[bradgoodman]

Throw a basketball at LiDAR -based car, or even a "traditional" human-operated one, and they both will see an object coming at them at a high rate of speed. If I write an article about it, will Slashdot post that, too?

Re:

[Triklyn]

sometimes you don't need them to stop, just stay for a bit.

ever hit those points in your commute, where you're through it, and you're like, wtf was that? why the hell did everybody just slow down to 10 mph for half a mile?

now imagine that, but because some teenager got bored one day and just decided to waste everybody's time for 30 minutes to see if he could.

now imagine it's election day during a tight race, and people can't get to the polls in heavily (insert your party color here) (red, blue, green, etc.)