Jonathan Petit, Security Innovation’s principal scientist, presented “Self-driving and connected cars: Fooling sensors and tracking drivers” (pdf) at Black Hat Europe in Amsterdam. One of the key takeaways was that “fooling camera-based systems is easy and cheap.” For instance, it takes less than $60 worth of off-the-shelf hardware to successfully defeat a LiDAR ibeo LUX 3 system that costs thousands of dollars and is responsible for sensing obstacles.
Without a human to make driving decisions, “autonomous automated vehicles unconditionally rely on their on-board sensors to detect surrounding objects and understand their environment.” To do this, “valid and accurate sensor data are required to make appropriate driving decisions such as emergency brake, changing trajectory or rerouting.” Yet Petit and his fellow researchers performed black-box attacks, successfully blinding, jamming, replaying and spoofing the sensors under various laboratory conditions.
Lidar, a laser ranging system, is somewhat like radar but works by shooting laser pulse pings at objects ahead of it and interpreting the echoed readings from the reflection. Lidar is commonly used in collision avoidance systems and adaptive cruise control. The ibeo LUX 3 can track up to 65 objects at a maximum distance of 200 meters, but is vulnerable to relay and spoofing attacks.
In one attack which works at distances up to 100 meters, Petit created illusions of fake cars, pedestrians and walls in front of, beside and behind the lidar unit. “I can spoof thousands of objects and basically carry out a denial of service attack on the tracking system so it’s not able to track real objects,” Petit told IEEE Spectrum. “I can take echoes of a fake car and put them at any location I want and I can do the same with a pedestrian or a wall.” It doesn’t cost a fortune either as the attack can “easily” be done “with a Raspberry Pi or an Arduino.”
The researchers were able to blind and confuse auto controls when attacking a MobilEye C2-270 camera, which is responsible for things like rear collision alerts, lane departure and pedestrian alerts. Using a laser, LED light sources and a screen, the researchers were able to carry out “jamming, blinding and scenery attacks.”
In “Remote Attacks on Automated Vehicles Sensors: Experiments on Camera and LiDAR” (pdf), the researchers concluded:
“We showed blinding and confusing auto controls attacks on the camera, and relaying and spoofing attacks on the LiDAR. For the MobilEye C2-270, a simple laser pointer was sufficient to blind the camera and prevent detection of a vehicle ahead. A cheap transceiver was able to inject fake objects that are successfully detected and tracked by the ibeo LUX 3. These attacks prove that additional techniques are needed to make the sensor more robust to ensure appropriate sensor data quality.”
Privacy problems with connected cars
While the first part of Petit’s Black Hat presentation focused on the security of autonomous automated vehicles, the second half focused on driver privacy and connected cars. Key takeaways from the connected vehicle privacy portion included:
- Everyone can deploy a surveillance system to track connected vehicles.
- It is cheap and easy.
There is a plethora of potential privacy violations when it comes to connected cars. Petit explained, “Connected Vehicle is an upcoming technology that allows vehicles and road-side infrastructure to communicate to increase traffic efficiency and safety. To enable cooperative awareness, vehicles continually broadcast messages containing their location. These messages can be received by anyone, jeopardizing location privacy.”
The research paper “Connected Vehicles: Surveillance Threat and Mitigation” (pdf) presented “the first real world experiment focused on tracking capability of a mid-sized observer and pseudonym change frequencies.” After deciding that an attacker would most likely target road intersections for eavesdropping, Petit and a team of researchers deployed Intelligent Transportation Systems (ITS) hardware on a small scale at the University of Twente.
“The equipment was deployed for 16 days, during which the vehicle transmitted 2,734,691 messages and we eavesdropped on 68,542 messages.”
Experiment results demonstrate that location tracking is easy to perform, and that two sniffing stations are sufficient to offer 40% road-level tracking, while eight sniffing stations offer 90%.
Connected cars are here and their connectivity will only increase as they talk to road-side infrastructure; fully autonomous vehicles may start to be a common sight by 2020. Like the security issues, there are ways to solve the privacy issues; Petit believes the time is now to get started.