Spartan ‘hackers’ identify a security vulnerability in camera systems on autonomous vehicles so manufacturers can fix it
By: Matt Davenport
Sometimes leading a team of benevolent hackers means having unusual conversations with customer service. Just ask Michigan State University’s Qiben Yan.
One of his projects involves drones, the quadcopters that make stunning aerial photography a snap for hobbyists and professionals alike. There are more than 865,000 drones registered in the United States, according to the Federal Aviation Administration. For comparison, that’s just shy of the number of residents living in South Dakota.
“When we started this project, we accidentally broke a drone,” said Yan, an assistant professor of computer science and engineering. When he got in touch with customer service about repairs, the company’s service reps were curious about what he was using the drone for. So he told them.
His team was developing a stealthy, simple adversarial attack that exploits a vulnerability in camera systems that could allow a hacker to seize control of a drone from its pilot.
“The company was very interested,” Yan said. “We’re kind of ‘white hat’ hackers. We attack products so their manufacturers can fix problems and protect consumers before somebody malicious takes advantage.”
What Yan’s Secure and Intelligent Things Lab in the College of Engineering had discovered was that it was possible to trick drones into thinking they were heading for an obstacle. And all that what was required was two bright spots of light, for example from projectors or flashlights.
By shining the lights in certain ways into a drone’s cameras, the researchers could essentially make the drone hallucinate. The drone’s software would interpret the lights as a single obstacle in its path and engage the drone’s autonomous controls designed to avoid collisions. By adjusting the lights, the team could control where this phantom object appeared to the drone and steer the vehicle.
“We can start manipulating the drone by controlling the angles and intensity of the light,” Yan said. “By controlling the ‘object’ location, we can control in which way the drone moves.”
The team successfully targeted quadcopters from dozens of yards away, enough for would-be attackers to gain control of a drone and avoid being detected by its rightful operator. As companies are working to use drones in a variety of applications — such as delivery and inspection services — losing control of a quadcopter to thieves could mean losing property and information.
“Imagine that an Amazon delivery drone is under such an attack,” Yan said. “Your packages would be effectively seized by the attacker, while the drone pilot has no idea why it’s happening.”
The USENIX Security Symposium, one of the world’s leading cybersecurity conferences, has just accepted the research for presentation at its 2022 meeting. The team, which also includes Lichao Sun at Lehigh University in Pennsylvania, is working with the drone manufacturer to defend against the attack.
The good news is that the attack, which the team has named DoubleStar, can be thwarted with straightforward countermeasures. This includes putting lens hoods over the drone’s cameras to block some of the light and updating the drone’s obstacle avoidance software.
“Once they know the existence of an attack, they can specifically tune their algorithms for defense,” Yan said. “We don’t think it’ll be very hard to do.”
The research does, however, present some bigger and potentially more serious questions about larger autonomous vehicles. Losing control of a drone isn’t great, but if its rightful pilot was flying it according to FAA regulations prior to an attack, the risk of it causing injury is low. However, if a self-driving car or truck could be manipulated in a similar way using low-cost light projectors, the risk for harm could be greater.
Fortunately, autonomous vehicles meant for the roadway use more sophisticated camera systems and more powerful software controls than commercial quadcopters, Yan said. For these reasons, he believes that autonomous automobiles are likely impervious to the DoubleStar attack, but he wants to be sure.
“It’s still good to test it,” Yan said. He’s discussing his work with his colleagues who are autonomous vehicle experts and has been in touch with commercial vendors so his team can start running those tests. Spartan researchers are leaving no stone unturned as they work to usher in the future of mobility safely.
In the meantime, Yan also has advice for people who already own vehicles with self-driving systems, like those found on some Teslas.
“Be vigilant and always keep your hands on the wheel,” he said.