A team of researchers from prominent universities – including SUNY Buffalo, Iowa State, UNC Charlotte, and Purdue – were able to turn an autonomous vehicle (AV) operated on the open sourced Apollo driving platform from Chinese web giant Baidu into a deadly weapon by tricking its multi-sensor fusion system, and suggest the attack could be applied to other self-driving cars.
It is old.
I mean, not this certain attack, but the principle is well known.
The solution is also known: any sensor (or at least any critically important sensor) in a robotic system must be able to recognize it’s own state of “blindness”. The system must react accordingly. (For example, with the camera behind the windshield, it would activate the wipers and the heating in the windshield to remove possible rain, snow or dirt). If several sensors go “blind” at the same time, the system must do a safe stop of the car.
It’s basically chaff, lol. We’ve known chaff is an effective radar countermeasure since the 40s, and it seems like the researchers have found the lidar and optical equivalents of chaff. What really scares me is the idea of this evolving into more sophisticated deception attacks like range or velocity gate pulls. No idea how you’d do that with lidar or optically, but I’d bet money that’s a line item on a black budget somewhere
Its still a problem, A sheet held across the road on a string would show up as a wall to both cameras and lidar. I for one am buffalo buffalo buffalo buffalo buffalo looking forward to the emerging profession of road pirates robbing automated trucks this way.
Ok but the problem of road pirates isn’t new either, is it? Let’s watch ‘Herbie’ again :-)
There is just one risk that is kinda new (but actually coming with every automation): systematic errors could bring vulnerabilities that get exploited in large numbers.