Self-driving car lidars can be spoofed by $60 gadget

JC Torres - Sep 7, 2015, 2:00 am CDT
Self-driving car lidars can be spoofed by $60 gadget

Autonomous cars naturally rely on a variety of sensors in order to determine and navigate through its environment. Apparently, one of the most expensive sensors available can be foiled a a cheap, makeshift setup. Software security researcher Jonathan Petit demonstrated how a laser radar or lidar, specifically one from the IBEO Lux, could be tricked into seeing phantom cars, pedestrians, or walls, which could effectively paralyze the self-driving vehicle from moving or at the very least prevent it from being able to accurately analyze its surroundings.

Lidars use an unencrypted and easily mimicked pulses of laser light which it uses to build a 3D image of its surroundings. That is in contrast to short-range radar that requires a licensed frequency band. This makes it all too easy to analyze the laser pulses from the IBEO Lux and replay it a later at a later time. Of course, it’s not completely easy and does require some amount of careful synchronization, but it is all still within the realm of feasibility.


And all it really takes is a low-power laser, practically a laser pointer. You might need a pulse generator too, but that can be substituted with something like a Raspberry Pi. All of these can be bought off shelf and easily accessible to those with the know-how.

The effects of this spoofing is both terrifying and dangerous. At the very least, the car can be tricked into seeing a car where there isn’t one and therefore slows, stops, or won’t even move. The same goes for pedestrians and walls. Even more frightening is the fact that Petit can duplicate these phantoms a thousand times and bombard the car’s sensors, the equivalent of a DoS attack for self-driving cars.

Petit isn’t knocking IBEO’s lidar but is instead pointing out what could be a common vulnerability in such sensors. Considering the infancy of this particular application of the technology, car makers might have overlooked the possible security holes that can be easily exploited. Petit is simply giving car makers a wake up call before self-driving cars do become the norm and things go out of hand.


Must Read Bits & Bytes