Specification of Spoofing Attack

[TimoHinsemann]

It seems that spoofing-attacks can be categorized into different "kinds" of spoofing, see:

https://www.linkedin.com/posts/lukastimm_anyone-can-remotely-take-over-your-car-ugcPost-7208577988680953856-UWWU/?utm_source=share&utm_medium=member_desktop

---

Original Post:

Anyone can remotely take over your car 😱

Lidar and Radar companies don’t want you to know this:

1. Researchers have demonstrated the ability to spoof automotive FMCW radars by using a "reflect array" based attacker device that reflects the radar signal with appropriate modulation to create false targets [4][6][9][12]. This does not require synchronization with the victim radar.

2. By controlling the delay and phase of the reflected signal, attackers can spoof both the distance and velocity of fake targets simultaneously, presenting phantom objects that appear to obey laws of physics [9][12].

3. Backscatter-modulated tags can also be used to introduce false information into FMCW radar signals, creating ghost targets at arbitrary ranges and velocities [6].

4. Replay attacks using another radar to retransmit a replica of the original signal have been demonstrated for distance spoofing on FMCW radars [6].

5. Advanced attacks can use adaptive finite state machines and machine learning to efficiently adjust the attacker's waveform parameters to bypass countermeasures like frequency hopping [6].

LiDAR Spoofing Attacks

6. Laser-based spoofing attacks can inject fake objects into the point cloud data received by LiDAR sensors on autonomous vehicles by firing lasers at the sensor [1][3][5][13][14][15][17][19][20].

7. Researchers have demonstrated the ability to create "fake object injection" attacks that trick LiDAR sensors into perceiving pedestrians or other vehicles when none exist [1][19][20].

8. A new "object removal" attack has been identified that can conceal real objects like vehicles from being detected by next-generation LiDAR sensors [1][5][13].

9. These spoofing attacks can directly trigger unsafe driving behaviors in autonomous vehicles like emergency braking or front collisions by feeding false data [1][5][13][19][20].

10. Even with limited information about the LiDAR sensor, a cyber attacker with access to the raw sensor data can design attacks to disrupt the perception and tracking capabilities of autonomous vehicles [13].

11. Adversarial machine learning techniques have been explored to optimize the spoofed point cloud patterns to fool the object detection models used in LiDAR-based perception systems [1][3][13].

12. Spoofing attacks are possible even against sensor fusion systems that combine LiDAR with cameras, as the naive spoofing can break the consistency between sensors [2][8].

How do you think lidar and radar companies are dealing with this threat?

Are they even?

When I came across this really blew my mind.

I really hope measures are taken!

I mean just imagine an OEM could run a campaign of cyber hacks against a competitor.

There’d likely be no trace to the spoofing.

The Competitor might need to issue a huge recall for excessive ghost or phantom braking.

This is insane 🤯

Let me know your thoughts on the comments!