Cars That Think iconCars That Think

Researcher Hacks Self-driving Car Sensors

The multi-thousand-dollar laser ranging (lidar) systems that most self-driving cars rely on to sense obstacles can be hacked by a setup costing just $60, according to a security researcher.

“I can take echoes of a fake car and put them at any location I want,” says Jonathan Petit, Principal Scientist at Security Innovation, a software security company. “And I can do the same with a pedestrian or a wall.”

Using such a system, attackers could trick a self-driving car into thinking something is directly ahead of it, thus forcing it to slow down. Or they could overwhelm it with so many spurious signals that the car would not move at all for fear of hitting phantom obstacles.

In a paper written while he was a research fellow in the University of Cork’s Computer Security Group and due to be presented at the Black Hat Europe security conference in November, Petit describes a simple setup he designed using a low-power laser and a pulse generator. “It’s kind of a laser pointer, really. And you don’t need the pulse generator when you do the attack,” he says. “You can easily do it with a Raspberry Pi or an Arduino. It’s really off the shelf.”

Petit set out to explore the vulnerabilities of autonomous vehicles, and quickly settled on sensors as the most susceptible technologies. “This is a key point, where the input starts,” he says. “If a self-driving car has poor inputs, it will make poor driving decisions.”

Other researchers had previously hacked or spoofed vehicle’s GPS devices and wireless tire sensors.

While the short-range radars used by many self-driving cars for navigation operate in a frequency band requiring licensing, lidar systems use easily-mimicked pulses of laser light to build up a 3-D picture of the car’s surroundings and were ripe for attack.

Petit began by simply recording pulses from a commercial IBEO Lux lidar unit. The pulses were not encoded or encrypted, which allowed him to simply replay them at a later point. “The only tricky part was to be synchronized, to fire the signal back at the lidar at the right time,” he says. “Then the lidar thought that there was clearly an object there.”

Petit was able to create the illusion of a fake car, wall, or pedestrian anywhere from 20 to 350 meters from the lidar unit, and make multiple copies of the simulated obstacles, and even make them move. “I can spoof thousands of objects and basically carry out a denial of service attack on the tracking system so it’s not able to track real objects,” he says. Petit’s attack worked at distances up to 100 meters, in front, to the side or even behind the lidar being attacked and did not require him to target the lidar precisely with a narrow beam.

Petit acknowledges that his attacks are currently limited to one specific unit but says, “The point of my work is not to say that IBEO has a poor product. I don’t think any of the lidar manufacturers have thought about this or tried this.” 

Sensor attacks are not limited to just robotic drivers, of course. The same laser pointer that Petit used could carry out an equally devastating denial of service attack on a human motorist by simply dazzling her, and without the need for sophisticated laser pulse recording, generation, or synchronization equipment.

But the fact that a lidar attack could be carried out without alerting a self-driving car’s passengers is worrying. Karl Iagnemma directs the Robotic Mobility Group at MIT and is CEO of nuTonomy, a start-up focused on the development of software for self-driving cars. He says: “Everyone knows security is an issue and will at some point become an important issue. But the biggest threat to an occupant of a self-driving car today isn’t any hack, it’s the bug in someone’s software because we don’t have systems that we’re 100-percent sure are safe.”

Petit argues that it is never too early to start thinking about security. “There are ways to solve it,” he says. “A strong system that does misbehavior detection could cross-check with other data and filter out those that aren’t plausible. But I don’t think carmakers have done it yet. This might be a good wake-up call for them.”

Editor’s note: Corrections to this post were made on 4 September 2015.

Google's Self-Driving Cars Roam Roads in Texas

Google’s self-driving cars have only seen glimpses of the world outside of the hilly roads in the Bay Area surrounding its home garage Mountain View, Calif. But its latest prototypes will have a second base in Austin, Texas. This past Saturday, at the Thinkery science museum in Austin, Mayor Steve Adler announced that the fully self-driving, egg-shaped pod prototypes, or Koala cars, will arrive this week.

Read More

A Driving App That Crowdsources the Weather

It’s a cold day in winter and you’re driving on dry pavement when your dashboard flashes a warning: black ice up ahead. You slow down, engage your four-wheel drive and start watching for other drivers who might not be so well informed as you.

That scene, straight out of the connected-car playbook, would seem to require a few more years of public investment in smart roads, but in fact this very service was announced today. It comes from Inrix, a road-data provider based near Seattle, and from its partner in the service, Global Weather Corporation.

Up until now, Inrix had gathered basic data from hundreds of millions of moving objects throughout the world—mostly cell phones, cars and fleet vehicles—and sold it to fleet operators and car makers like Porsche. Those companies, in turn, typically made it available through smartphone apps or dashboard consoles. The new service, called INRIX Road Weather, adds data gleaned from the actions of the car—for instance, the switching of its windshield wipers—which would imply that it has started to rain.

“If several cars in a location show that a low temperature is kicking in, we’d take in their position from GPS signals, data from our weather partner, and then say that at that spot—within 500 meters—there is black ice,” says Steve Banfield, chief marketing officer for Inrix. “It’s a much more focused warning than before, not only for drivers but for the folks in charge of sanding the roads, safety patrols and law enforcement.”

The most important data come from a handful of car functions: the time of day, the GPS coordinates, the temperature outside the car, what the brakes are doing (particularly automatic braking systems), and whether the fog lights are on. Auxiliary data might include barometric pressure, the temperature of the road itself (taken by infrared sensors), barometric pressure, and of course the stage of those windshield wipers.

“We are pioneering the connected car,” Banfield says. “Today we are alerting a human driver, but it will be of incredible value to automated driving when that comes.”

Banfield wouldn’t say how much Inrix charges fleets and car makers, only that it was a minuscule sum compared to the overall cost of operating a vehicle. “The charge for the service will be paid by the OEMs [original equipment manufacturers] for the first few years; after that, if customer wants to continue, then he might pay for an extended subscription.”

Gartner to World: Peak Hype For Robocars

Autonomous vehicle technology is now at the peak of its “hype cycle,” according to Gartner, the technology research firm that coined the phrase.

You might interpret this as investor-speak for “it’s time to sell your stake,” but that’s not quite right. Gartner’s point is to chart the rise and fall of expectations for the future. Being the object of peak hype is no shame—though it’s no great honor, either. It happens to every technology. But after peak hype comes what Gartner calls “trough of disillusionment,” a Pilgrim’s-Progress-like phrase for the place where marginal players fall off the bandwagon.  

The cycle is composed of two graphs.  The first is an up-and-down line plotting rising and falling expectations due to hype and disillusionment. The second is the familiar S-shaped curve of technology acceptance, which accumulates as a minority of early adopters are joined by a majority of more conservative types, and finally by a minority of laggards--those with the lowest appetite for technological risk. It was proposed by Everett Rogers, the sociologist who coined the phrase “early adopters.”

In 2010, barely a year after Google began talking up its experimental self-driving car, Gartner pegged the technology about halfway up the the initial climb. It inched up every year thereafter. Big auto makers--fearing for their fortunes—began running self-driving programs, like the one that produced the 2014 Mercedes S Class. They were followed by the smaller auto companies, then by the suppliers. Now Uber, a ride-hailing app, and even Apple, the mother of all apps, are apparently building autonomous cars.  Who’s next—McDonalds? 

There are a few nits to pick with Gartner’s methodology. It presumes all technologies have a similarly shaped life cycle, though some obviously shoot up fast only to stagnate (nuclear energy), others grow slowly but grow long (solar voltaics) or fast followed by fast (Moore’s Law).  And it presumes to beat the market at its own game: predicting the future. But that’s what research firms are paid to try to do.

It’s harder to pick on particular technologies. For example, in the very first Gartner chart, in 1995, wireless communications were already halfway up the hype hill; in 2000 wireless reached peak hype, and thereafter it no longer appears (except as subsets of its original self, such as Bluetooth). Reason: wireless was no longer in the future—it was in most homes and businesses.

Or take augmented reality, which was halfway up the hype hill in 2005, well down the other side in 2012—but it’s still not an established technology.

Gartner’s fixed track of takes no account of seemingly fizzled technologies that finally stage a comeback. Electric cars seemed full of possibility a hundred years ago, then they didn’t, now they do again. In mid-Victorian days, Charles Babbages’ digital computers were a thing, then they weren’t, and now—now they’re the beating heart of the world.

Apple Aims to Test Self-Driving Cars at Military Base

Rumors of a secret Apple self-driving car were apparently not exaggerated. Documents obtained by The Guardian show that the tech giant’s engineers have been searching for a place to test self-driving car technology out of public sight.

In May, Apple’s secretive Special Projects group sent engineers to investigate the possibility of holding self-driving car tests at GoMentum Station, a 2,100-acre former naval weapons station located near San Francisco, according to The Guardian. Mark Harris, a contributor to The Guardian and IEEE Spectrum, obtained the related correspondence between officials and Apple engineers through a public records act request.

Read More

Security Researchers Crack Popular Anti-Theft Protection for Cars

Thieves may not find it very tough to crack a popular electronic safeguard that typically prevents a car’s engine from starting unless the car’s owner intends for it to. Security researchers have finally been allowed to present a paper showing how they cracked a popular electronic vehicle immobilizer used in many common car models.

Read More

Tesla Hands Self-Driving Technology to Select Customers

Tomorrow, Tesla is to begin uploading the latest version of its Autopilot software to a select group of of its Model S electric cars. The owners of these vehicles will act as beta testers, putting their cars through wringers never imagined by the company’s pros. If all goes well, a wider roll out will come later in the year.

It’s like handing off DVD players to the first non-engineers ever to see them—guys who will not read the #$%^! manual and who will not use a ballpoint pen to set the digital clock so it won’t flash “12:00” forever and ever.

Tesla’s beta testers will indeed be drivers, not merely passengers, because Autopilot 7.0 represents only a small step up from the previous package of driver assistance systems. It will manage lane-keeping, mind the gap to the car in front and behind, and handle much of the braking and acceleration. But testers will still have to oversee all operations and register their alertness—if only for legal purposes—by hitting the turn signal indicator every so often. 

"We don't want to set the expectation that you can basically pay no attention to what the car is doing," Elon Musk, Tesla’s CEO and CTO, said in a call to analysts last week to discuss second-quarter earnings. Musk also indicated that the system was particularly at home when tracking a lead vehicle.

“You basically have high confidence in steering, braking and acceleration, basically when you are in some kind of traffic situation where there is a car right in front of you,” he said. “I think it's pretty good in the absence of that, so if there's just lanes, it's pretty good. And it will get better over time as we refine the software.”

Musk said one thing the beta test was looking for was how drivers reacted to the new Autopilot and its interface. Of course, the auto press would also like to know the answer to that question, but it’s hard to get a beta tester to talk. Earlier this year one commenter on a Tesla users’ forum suggested that “beta testers with loose lips are quickly banished.”

IEEE Spectrum would love to talk to anyone who can provide solid evidence of being a beta tester of the latest Autopilot.

Musk seems to have a policy of branching out again and again so that he can make a business out of every part of every system his company designs. First he had electric cars, now he is taking orders for stationary electric storage facilities based on the cars’ batteries, and next up is mapping. He said Tesla had to do it because there’s no publicly available mapping service of sufficient resolution for self-driving cars. It’s the reasoning behind last week’s sale of Nokia’s mapping service to Audi, BMW and Mercedes-Benz.

Yet another way Tesla could extend its reach was suggested in Musk’s response to an analyst who asked about Travis Kalanick, head of the Uber ride-hailing business, who had been quoted as saying that if Tesla’s cars achieved autonomy by 2020, Kalanick would want to buy all of them. The question was whether Musk might prefer instead to set up a ride-sharing business of his own.

“That’s an insightful question,” Musk said, and then went silent for a good  while. “I don’t think I should answer it.”

British Highway Will Recharge Your Batteries as You Drive

Smart roads can be smart in many ways—say by anticipating traffic jams or by conversing with a car’s autopilot to improve safety.

They can also converse with your car’s battery to transfer power to it. It’s a scheme known as magnetic resonance coupling, and it was pioneered in a small Korean tram system  two years ago, as IEEE Spectrum reported at the time. Now Britain is planning a pilot project using the same idea. It’s to begin later this year, and if it proves out, the government says it will proceed with tests on actual roads.

Read More

Testing Trust in Autonomous Vehicles through Suspension of Disbelief

Autonomous vehicles are generally pretty safe by the time they get to the point that they’re able to drive themselves on public roads. Statistically, they’ve proven themselves to be safer than human drivers most of the time.

While it’s easy enough to tell people that, convincing them to place their trust in an autonomous vehicle isn't a simple thing, especially because the trust humans have in robots (all robots, not just cars) is highly situational. For instance, it might be easy to have a lot of trust in an autonomous car at low speed on an empty road, but how about driving around cyclists or through construction zones? The car may be capable of handling these situations, but whether the human believes that the car can handle these situations, is a different kettle o’ fish.

Researchers don’t have a lot of options when it comes to studying how humans react to being driven by autonomous cars. You can try a simulation, but because the subjects always know it’s a simulation and they’re not really in danger, you’re not accurately testing their reactions. You can also stick them in a real autonomous car, but even if you have one of those and you can legally drive it on public roads, it’s not easy (or necessarily safe) to put it through the specific types of situations that are designed to test passenger trust and reactions in the way that you want.

At Stanford’s Center for Design Research, Sonia Baltodano, Srinath Sibi, Nikolas Martelaro, Nikhil Gowda, and Wendy Ju have come up with a third option. It’s called Real Road Autonomous Driving Simulation (RRADS), and it works by encouraging humans to think they’re in an autonomous car when they’re really not.

Read More

Jeep Hacking 101

By far, the most vibrant talk yet at the 2015 Blackhat computer-security conference was the one given yesterday by Charlie Miller and Chris Valasek on hacking a car remotely through the Internet.

In case you’ve not been following this story, these two researchers managed to take control of an unaltered vehicle’s electronically controlled subsystems (radio, AC, wipers, transmission, steering, even brakes) from afar, using the Internet connection its entertainment system makes through Sprint’s cellular network.

Miller and Valasek’s description of what they did to hack the car was immensely entertaining, even though most of the story was out already. In a nutshell, they used a 2014 Jeep Cherokee that was equipped with a Harman-Kardon “head unit” that controls the central display and entertainment system. Initially, they hacked this unit through Wi-Fi (the unit provides a Wi-Fi hotspot for passengers to use), but soon were able to tap into it through its cellular connection, which goes over Sprint’s wireless network.

Read More

Cars That Think

IEEE Spectrum’s blog about the sensors, software, and systems that are making cars smarter, more entertaining, and ultimately, autonomous.
Contact us:

Senior Editor
Philip E. Ross
New York City
Assistant Editor
Willie D. Jones
New York City
Senior Writer
Evan Ackerman
Berkeley, Calif.
Lucas Laursen

Newsletter Sign Up

Sign up for the Cars That Think newsletter and get biweekly updates, all delivered directly to your inbox.

Load More