A team of researchers from prominent universities – including SUNY Buffalo, Iowa State, UNC Charlotte, and Purdue – were able to turn an autonomous vehicle (AV) operated on the open sourced Apollo driving platform from Chinese web giant Baidu into a deadly weapon by tricking its multi-sensor fusion system, and suggest the attack could be applied to other self-driving cars.

  • EvilBit@lemmy.world
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    5
    ·
    6 months ago

    https://xkcd.com/1958/

    TL;DR: faking out a self-driving system is always going to be possible, and so is faking out humans. But doing so is basically attempted murder, which is why the existence of an exploit like this is not interesting or new. You could also cut the brake lines or rig a bomb to it.

    • Beryl@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      6 months ago

      You don’t even have to rig a bomb, a better analogy to the sensor spoofing would be to just shine a sufficiently bright light in the driver’s eyes from the opposite side of the road. Things will go sideways real quick.

      • EvilBit@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        It’s not meant to be a perfect example. It’s a comparable principle. Subverting the self-driving like that is more or less equivalent to any other means of attempting to kill someone with their car.

        • Beryl@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I don’t disagree, i’m simply trying to present a somewhat less extreme (and therefore i think more appealing) version of your argument

    • Jesus@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      Wait until you see what my uncle Jerry can do with a 5th of vodka and his Highlander.

  • NeoNachtwaechter@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    6 months ago

    It is old.

    I mean, not this certain attack, but the principle is well known.

    The solution is also known: any sensor (or at least any critically important sensor) in a robotic system must be able to recognize it’s own state of “blindness”. The system must react accordingly. (For example, with the camera behind the windshield, it would activate the wipers and the heating in the windshield to remove possible rain, snow or dirt). If several sensors go “blind” at the same time, the system must do a safe stop of the car.

    • Gustephan@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      It’s basically chaff, lol. We’ve known chaff is an effective radar countermeasure since the 40s, and it seems like the researchers have found the lidar and optical equivalents of chaff. What really scares me is the idea of this evolving into more sophisticated deception attacks like range or velocity gate pulls. No idea how you’d do that with lidar or optically, but I’d bet money that’s a line item on a black budget somewhere

    • CheeseNoodle@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Its still a problem, A sheet held across the road on a string would show up as a wall to both cameras and lidar. I for one am buffalo buffalo buffalo buffalo buffalo looking forward to the emerging profession of road pirates robbing automated trucks this way.

      • NeoNachtwaechter@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        road pirates robbing automated trucks

        Ok but the problem of road pirates isn’t new either, is it? Let’s watch ‘Herbie’ again :-)

        There is just one risk that is kinda new (but actually coming with every automation): systematic errors could bring vulnerabilities that get exploited in large numbers.