The demand for advanced driver assistance systems (ADASs) — technologies that aid in monitoring, warning, braking, and steering tasks — is expected to increase over the next decade. Unfortunately, cybercriminals will also look for opportunities in the form of security gaps and will attempt to exploit the same technologies that make ADASs beneficial in protecting drivers and reducing accidents on the road.
In this blog entry, we discuss two attack scenarios that demonstrate how infrared (IR) laser technology can be exploited by malicious actors to interfere with ADASs and mislead a vehicle to execute incorrect or even dangerous actions.
ADASs defined
ADASs are electronic systems in a vehicle that use cameras and other sensors to help the driver drive safely. These systems give the driver warnings, automatically apply the brakes, or adjust the speed to prevent accidents. Examples of ADAS components include sensors that detect objects around the car, cameras that show the view behind it, and warnings for lane drifting or cars in a driver’s blind spot. Overall, ADASs can help make driving safer and prevent accidents.
Cameras as an essential part of ADASs
Cameras play an important role in ADASs as they provide a real-time view of the vehicle’s surroundings. They capture video images that the ADAS software analyzes to detect objects such as other vehicles, pedestrians, or obstacles in the car’s path. Many cameras used in ADASs are designed to capture both visible and IR light. This makes cameras effective in enhancing vehicle perception even in low-light conditions.
Attack scenarios
While cameras in vehicles can detect IR light (which falls outside the visible range for humans), this capability could also become a potential vulnerability. An attacker could flood a camera’s sensor with powerful IR radiation, causing it to saturate and produce unusable images, and ultimately rendering the camera ineffective. But the danger doesn’t stop there. An attacker could also project IR light onto a road sign, causing a vehicle’s perception system to misinterpret the sign.
Such attacks could lead to incorrect or even dangerous actions by the vehicle. It’s worth noting that these attacks are more likely to target autonomous vehicles, which, unlike human-driven vehicles, rely heavily on perception systems.
Projecting IR light toward cameras
During the ACM Conference on Computer and Communications Security (CCS) 2021, the researchers Wei Wang, Yao Yao, Xin Liu, Xiang Li, Pei Hao, and Ting Zhu demonstrated a novel attack method that exposed vehicle cameras’ potential vulnerabilities. The vulnerability highlighted in their research, which involves projecting IR light toward cameras, affects various types of autonomous vehicles, including Tesla’s, and can be exploited using IR light with wavelengths ranging from 780 to 850 nanometers. This security challenge, dubbed I-Can-See-the-Light (ICSL) Attack by the researchers, can be used to create fake traffic signals, alter a vehicle’s environment perception, or even blind a camera.
Projecting IR light onto road signs
During the Symposium on Vehicle Security and Privacy (VehicleSec) 2023, the researchers Takami Sato, Sri Hrushikesh Varma Bhupathiraju, Michael Clifford, Takeshi Sugawara, Qi Alfred Chen, and Sara Rampazz provided experimental evidence to show that projecting IR light onto road signs could indeed affect vehicles. They conducted their experiments using a camera and a projector to simulate an IR alteration attack. They found that projecting IR light onto a road sign could cause the perception system to misinterpret the sign, leading to incorrect or potentially dangerous actions by the vehicle.
Hidden risks
In both attack scenarios, whether the attacker projects IR light directly toward a camera or onto a road sign, the camera of the vehicle is affected, causing it to misinterpret its surroundings. This introduces risks such as making the vehicle stop unexpectedly, potentially causing traffic jams or accidents, and ruining the in-car user experience by blinding AV cameras. Additionally, an attacker could introduce simultaneous localization and mapping (SLAM) errors by deploying multiple IR light sources on the road.
Attacks such as those discussed in this article can compromise the safety and reliability of autonomous vehicles, and thus highlight the importance of having robust cybersecurity measures in place to safeguard them.
To read more research on other possible vulnerabilities in connected vehicles and learn best security practices, visit our resource center.