Hackers can easily trick self-driving cars into thinking that another car, a wall or a person is in front of them, potentially paralysing it or forcing it to take evasive action.



Automated cars use laser ranging systems, known as lidar, to image the world around them and allow their computer systems to identify and track objects. But a tool similar to a laser pointer and costing less than $60 can be used to confuse lidar.

The attack can be carried out from behind, in front or from the side of the car and without alerting the car’s passengers, according to a security researcher.

Lidar systems mounted on Google’s self-driving test vehicle fleet. Photograph: Eric Risberg/AP

Lidar, usually mounted on the car’s roof, uses spinning lasers in a similar manner to radar, detecting objects and building a 3D image of the world around the car.

But by using a low-power laser hackers could trick the lidar into detecting echoes of fake objects, such as pedestrians, cyclists, other cars or walls, according to a paper by Jonathan Petit, a research then a fellow of University of Cork’s Computer Security Group.

In the paper, to be presented at November’s Black Hat Europe security conference, Petit describes a system built with off-the-shelf components including a Raspberry Pi or Arduino computer that can effectively spoof the car at a range of up to 100m.

The self-driving cars can be brought to a stop, tricked into taking evasive action or into turning in a certain direction by placing the spoofed objects in their paths.

“I can spoof thousands of objects and basically carry out a denial-of-service attack on the tracking system so it’s not able to track real objects,” Petit told IEEE spectrum. “I don’t think any of the lidar manufacturers have thought about this or tried this.”

Most self-driving cars rely on multiple sensors, but lidar has proven the most effective within test vehicles for a creating 360-degree detection grid around the car.

Google, Lexus, Mercedes, Audi and other car manufacturers all user lidar on their prototype driverless cars.

Recently, car automation systems, including those fitted to current vehicles as cruise control and emergency braking systems, have become the focus of hackers.

A series of attacks have demonstrated serious weaknesses within their security, which could allow hackers to take over control of key systems including throttle, brakes and steering.

Jeep owner Chrysler initiated a recall of cars fitted with the company’s Uconnect entertainment system, after researchers showed they could take control of the car via simple text messages.

The recall was recently extended to another 7,810 vehicles over safety fears.

• Most cars are vulnerable to ‘hacking or privacy intrusions’ – report

• Driverless cars could face threat from hackers trying to cause road chaos