Modern cars and autonomous vehicles use millimeter wave (mmWave) radio frequencies to enable self-driving or assisted driving features to keep passengers and pedestrians safe. However, this connectivity can also expose them to potential cyber-attacks.
Attackers driving ahead of an autonomous unit can engage in “spoofing,” an activity that involves interfering with the vehicle’s return signal to trick it into registering an obstacle in its path. The vehicle may then brake suddenly, increasing the risk of an accident.
To help improve the safety and security of autonomous vehicles, a team of researchers from the lab of Dinesh Bharadia, an affiliate of the UC San Diego Qualcomm Institute (QI) and faculty member in the university’s Jacobs School of Engineering Department of Electrical and Computer Engineering, and colleagues from Northeastern University has devised a novel algorithm designed to mimic an attacking device. The algorithm lets researchers identify areas for improvement in autonomous vehicle security.
“The invention of autonomous systems, like self-driving cars, was to enable the safety of humanity and prevent loss of life,” said Bharadia. “Such autonomous systems use sensors and sensing to deliver autonomy. Therefore, safety and security rely on achieving high-fidelity sensing information from sensors. Our team exposed a radar sensor vulnerability and developed a solution that autonomous cars should strongly consider.”
Previous attempts to develop an attacking device to test cars’ resistance have had limited feasibility, either assuming the attacker can synchronize with the victim’s radar signal to launch an assault or assuming both cars are physically connected by a cable.
In the new study, the team describes a new technique that uses the victim vehicle’s radar against itself. By constantly altering the received signal parameters at “lightspeed” before it reflects back, attackers can disguise their sabotage and make it harder for the vehicle to filter malicious behavior. All this can be done in real-time, “anytime, anywhere,” without knowing anything about the victim’s radar.
“Automotive vehicles heavily rely on mmWave radars to enable real-time situational awareness and advanced features to promote safe driving,” said Rohith Reddy Vennam. “Securing these radars is of paramount importance. We – mmSpoof – uncovered a serious security issue with mmWave radars and demonstrated a robust attack. What’s alarming is that anyone can build the prototype using off-the-shelf hardware components.”
To combat such attacks, researchers are seeing to improve the safety of autonomous vehicles that can use a high-resolution radar capable of capturing multiple reflections from a car to accurately identify the true reflection. The team might also create backup options for radar by incorporating cameras and LiDAR, which records the time it takes for a laser pulse to hit an object and return to measure its surroundings into their defense.
Alternately, the team presents mmSpoof as a means of preventing dangerous tailgating. By placing a mmSpoof device on the back of their car, drivers can trick a tailgating car into registering a decelerating car in front of them and activating the brakes.
- Rohith Reddy Vennam, Ish Kumar Jain, Kshitiz Bansal, Joshua Orozco, Puja Shukla, Aanjhan Ranganathan, Dinesh Bharadia. mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array. IEEE Symposium on Security and Privacy, 2023; DOI: 10.1109/SP46215.2023.00113