Self-driving cars can be hacked using a laser pointer
A security researcher has uncovered a way to hack self-driving cars using nothing but an off-the-shelf laser pointer, highlighting the possible risks associated with the new technology.
Jonathan Petit, principal scientist at software security company Security Innovation, discovered that a laser pointer could interfere with the laser ranging (Lidar) systems that most self-driving cars rely on to navigate. The Lidar system creates a 3D map and allow the car to 'see' potential hazards by bouncing a laser beam off obstacles.
Pointing the laser pointer at a self-driving car so that it is picked up by the Lidar system could trick the car into thinking something is directly ahead of it, thus forcing it to slow down. Alternatively, a hacker could overwhelm it with spurious signals, forcing the car to remain stationary for fear of hitting phantom obstacles.
Mr Petit described the so-called 'proof-of-concept' attack in a paper written while he was a research fellow in the University of Cork’s Computer Security Group, entitled Potential Cyberattacks on Automated Vehicles. The paper will be presented at the Black Hat Europe security conference in November.
During tests, Mr Petit was able to trick the sensors into seeing 'ghost' vehicles or pedestrians from a distance of 330ft (100m), using a low-power laser and a pulse generator. However, he said the the pulse generator was not strictly necessary – the same attack could be carried out using a Raspberry Pi or an Arduino single-board computer.
Mr Petit added that there are ways to mitigate the risks: “A strong system that does misbehaviour detection could cross-check with other data and filter out those that aren’t plausible. But I don’t think carmakers have done it yet. This might be a good wake-up call for them,” he told IEEE Spectrum.
This is not the first time the risks associated with driverless cars have been highlighted. In 2013, researchers at the University of California and University of Washington found ways to infect driverless vehicles with computer viruses and cause them to crash by shutting off their lights, killing their engines or slamming on their brakes.
Hackers also recently took remote control of a Jeep Cherokee, by breaking into its dashboard computer, killing the engine, applying the brakes and crashing it into a ditch. The US hackers said they used just a laptop and mobile phone to access the Jeep's on-board systems via a wireless Internet connection.
A report from the Institution of Engineering and Technology (IET) published in November 2014 warned that driverless cars are vulnerable to hackers because of the high level of computer technology on board. It said that hackers could bring cities to a standstill, steal cars remotely or even commit deadly terror attacks.
“If we have the hacker community start to target vehicles in Central London we could imagine a fair amount of chaos on the roads," said Hugh Boyes, a cyber-security expert at the IET, at the time. “Terrorism is a real risk. So cyber-security of autonomous vehicles will be critical. And we're going to have to consider having black boxes in vehicles in the event of an incident."