Even as self-driving car makers focus on beefing up their security systems to prevent hackers from gaining entry, there may be a more mundane MacGyver-esque way to mess with those autonomous vehicles anyway.
University of Washington
Security researchers at the University of Washington have demonstrated how they figured out a way to mislead the computer on board a self-driving car using nothing more than a few home-printed stickers.
The team used printed images, that they stuck to road signs, in order to confuse the computer vision systems on board self-driving cars. UW¡¯s Yoshi Kohno explained that small stickers attached to a standard stop sign caused a vision system to misidentify it as a Speed Limit 45 sign. Car vision systems have an object detector, which identifies everything from pedestrians to lights, signs, and other vehicles, and a classifier that figures what they are and how to respond.?
The team¡¯s attack assumed that the would-be attackers were able to gain access to thi classifier, and used its algorithm in combination with a particular road sign to generate a custom image. Then, thanks to the subtle changes in their custom road sign stickers, which were simply overlaid over the real ones to look like simple vandalism, the team was able to make the autonomous vehicle misbehave.
While similar techniques have been demonstrated before, this is the first time the changes were subtle enough to possibly avoid human detection, as well as working from different angles. For example, one attack the team carried out was printing a full-size custom ¡®Stop¡¯ sign and pasting it over the original. While the new sign merely looked like a splotchy or fading sign to human drivers, the car instead consistently interpreted it as a ¡®speed limit 45¡¯ sign.
¡°Attacks like this are definitely a cause for concern in the self-driving-vehicle community,¡± said Tarek El-Gaaly, a senior research scientist at autonomous vehicle startup Voyage.. ¡°Their impact on autonomous driving systems has yet to be ascertained, but over time and with advancements in technology, they could become easier to replicate and adapt for malicious use.¡±