Drone With a Projector Successfully Trolls Car’s AI

July 10, 2019

Ars Technica – After a recent demo using GNSS spoofing confused a Tesla, a researcher from Cyber@BGU reached out about an alternative bit of car tech foolery. The Cyber@BGU team recently demonstrated an exploit against a Mobileye 630 PRO Advanced Driver Assist System (ADAS) installed on a Renault Captur.

Ben Nassi, a Ph.D. student from BGU’s Department of Software and Information Systems Engineering, and his team were able to trick the Mobileye system by using a drone to project fake traffic signs that displayed the speed limit at 90 km/h (55.9 m/h) in what was actually a 30 km/h zone. The Mobileye is a Level 0 system, which means it informs a human driver but does not [thankfully in this case] automatically steer, brake or accelerate the vehicle.

Nassi created both the video below and a page to lay out the security-related questions raised by this experiment. The detailed academic paper the University group prepared explores how Mobileye ignored signs of the wrong shape, but the system turned out to be perfectly willing to detect signs of the wrong color and size. Even more interestingly, 100 milliseconds was enough display time to spoof the ADAS, a time so brief that many humans wouldn’t spot the fake sign at all.

The Cyber@BGU team also tested the influence of ambient light on false detections: it was easier to spoof the system late in the afternoon or at night, but attacks were reasonably likely to succeed even in fairly bright conditions.

There are many factors to BGU’s experiment that make it interesting. No physical alteration of the scenery is required; this means no human needs to be on the scene. A drone might shadow a target car, then wait for an optimal time to spoof a sign in a place and at an angle most likely to affect the target with minimal “collateral damage” in the form of other nearby cars also reading the fake sign.

Read more on the Ars Technica website >>