New Attack Focused on AV (autonomous vehicle) Sensors

 Attacks on AV sensors are popular at regional conferences and at the fountain of knowledge (aka

DEFCON). The different attacks are always interesting (e.g., SQL injection to gain access, creating a fake

object point in LiDAR, and others). Earlier this year a new attack emerged. The MadRadar is designed to

mask actual objects from the sensor or create fake/phantom objects for the sensor. Specifically, the

attack can provide the vehicle’s sensors with false positives, false negatives, and translation attacks.

The attack, created by a team at Duke University, is agnostic and may be used against any vehicle’s radar

system, making this exceptionally useful. The demonstration for this has shown the radar being tricked

into detecting a vehicle driving towards it instead of the vehicle driving away from the targeted vehicle.

Other demonstrations have created a vehicle where there was none. The attack is also flexible and can

adjust to different types of radar. This is done via the tool learning about the radar from the transmitted

signals. This ability to adjust is based on the target radar’s bandwidth, chirp time, and frame times.

This would be a viable attack against the different functions for vehicles using radar, as with adaptive

cruise control. With vehicles depending on sensors for autonomous driving, this is especially

problematic. This may also effect park assist, blind spot detection, and rear collision warming.

While this is from researchers, this is a viable attack to complicate AV operations.

Autonomous Vehicles (AVs) have a Substantial Attack Surface

 This is a fantastic age to live in. We have vehicles that notify us when another vehicle is near us, when we’re too close to the vehicle in front of us or the side of the road, when we are sliding inadvertently into the next lane, and log our activities. This is a massive step from the vehicles of 10-15 years ago. The sensors installed within the vehicle offer cutting edge technology for the driver. These also have improved safety for the occupants along with others on the roadmap. Have pentested an AV, I can attest this is a delight.

While I sing the praise of the AVs, there are issues. This has potential threats to the AVs due to the platform, sensors, and OS. These are all new attack surfaces and vulnerabilities. If exploited, these provide an opportunity for disaster. The new threats come from various sources. These new machines, as they are heavily dependent on software, are open to remote attacks. If successful, modules could be compromised. Depending on which one is targeted and breached, there are varying levels of criticality. For instance, steering or brake ECUs are relatively serious.

Data is the new gold and oil. This is especially the case with vehicles. Each collects a mass amount of data from general operations and the sensors. The data may be used in multiple scenarios.

While sensors have improved vehicle operations and safety, there are potential issues here also. The sensors could be spoofed, providing false data to the vehicle and data processing. The fake data could provide a false set of data for the surroundings. This could lead the vehicle on the wrong path.

While this could provide for issues, there are preventive measures to the taken. The software may be hardened, making these more robust. Patching is also pertinent. This occurring regularly limits the attack surface. Encryption should be used with vehicles data and communication. This limits the weak points which are targets.

  

Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture

Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering

 charles.parker@mielcybersecurity.net 810-701-5511