In the field of automated driving, the development of LiDAR sensors that are used to detect people and obstacles is progressing. LiDAR is a technology that three-dimensionally measures the distance to an object and the object shape based on the reflected light of an irradiated laser. While the technology holds promise as a substitute for driver vision, there is a risk that malicious laser shooting, or spoofing, could inject false data and fake objects that do not exist.
Kentaro Yoshioka, a full-time lecturer at Keio University's Faculty of Science and Technology, and his colleagues conducted a large-scale vulnerability study on nine types of LiDAR sensors and three types of object detectors, both old and new. They evaluated how each sensor worked in response to an attack. The previous generation sensors could not avoid spoofing via "synchronization attacks," in which the firing cycle of the attack laser is aligned with the ranging laser. However, the next-generation sensors were able to nullify this by randomizing the timing of the ranging laser firing.
Furthermore, they identified the existence of a spoofing method that was also effective in next-generation LiDAR and named it High-Frequency Removal (HFR). This is a method of eliminating objects by firing numerous attack laser pulses at a higher frequency than the frequency of the ranging laser firing, thereby interfering with the LiDAR measurements. In the HFR spoofing experiment, the system was able to make objects with a horizontal range of 80° or more disappear even in the open air in mid-summer, when sunlight was strong, and spoofing was considered difficult.
This pointed to vulnerabilities in a wide range of LiDAR sensors and the need to develop defensive measures. In the future, it is expected that technologies to improve sensor resistance to malicious attacks and new algorithms to prevent the injection of faked data will be developed. In accordance with the checklist for ethical considerations set forth by the Computer Security Symposium, the group have notified each LiDAR manufacturer of the vulnerabilities in advance and released the results after a certain period as a countermeasure.
