A team of researchers from prominent universities – including SUNY Buffalo, Iowa State, UNC Charlotte, and Purdue – were able to turn an autonomous vehicle (AV) operated on the open sourced Apollo driving platform from Chinese web giant Baidu into a deadly weapon by tricking its multi-sensor fusion system, and suggest the attack could be applied to other self-driving cars.
TL;DR: faking out a self-driving system is always going to be possible, and so is faking out humans. But doing so is basically attempted murder, which is why the existence of an exploit like this is not interesting or new. You could also cut the brake lines or rig a bomb to it.
People seem to hold computers to a higher standard than other people when performing the same task.
Because humans have more accountability. Also it has implications for military/police use of self-guided stuff.
I think human responses vary too much: could you follow a strategy that makes 50% of human drivers crash reliably? probably. Could you follow a strategy to make 100% of autonomous vehicles crash reliably? Almost certainly.
Or if it’s a Tesla you could hack someone’s weather app and thus force them to drive in the rain.
You don’t even have to rig a bomb, a better analogy to the sensor spoofing would be to just shine a sufficiently bright light in the driver’s eyes from the opposite side of the road. Things will go sideways real quick.
It’s not meant to be a perfect example. It’s a comparable principle. Subverting the self-driving like that is more or less equivalent to any other means of attempting to kill someone with their car.
I don’t disagree, i’m simply trying to present a somewhat less extreme (and therefore i think more appealing) version of your argument
Human-driven cars can be crashed with a brick, or a quart of oil.
Wait until you see what my uncle Jerry can do with a 5th of vodka and his Highlander.
It is old.
I mean, not this certain attack, but the principle is well known.
The solution is also known: any sensor (or at least any critically important sensor) in a robotic system must be able to recognize it’s own state of “blindness”. The system must react accordingly. (For example, with the camera behind the windshield, it would activate the wipers and the heating in the windshield to remove possible rain, snow or dirt). If several sensors go “blind” at the same time, the system must do a safe stop of the car.
It’s basically chaff, lol. We’ve known chaff is an effective radar countermeasure since the 40s, and it seems like the researchers have found the lidar and optical equivalents of chaff. What really scares me is the idea of this evolving into more sophisticated deception attacks like range or velocity gate pulls. No idea how you’d do that with lidar or optically, but I’d bet money that’s a line item on a black budget somewhere
Its still a problem, A sheet held across the road on a string would show up as a wall to both cameras and lidar. I for one am buffalo buffalo buffalo buffalo buffalo looking forward to the emerging profession of road pirates robbing automated trucks this way.
road pirates robbing automated trucks
Ok but the problem of road pirates isn’t new either, is it? Let’s watch ‘Herbie’ again :-)
There is just one risk that is kinda new (but actually coming with every automation): systematic errors could bring vulnerabilities that get exploited in large numbers.