Autopilot's "dead hole" in sensor interference point
mob604757044d68 2021-07-20 04:51:54

From the concept of autopilot to Tesla 、 Google 、 The practice of Baidu and other companies , It stimulates people's longing for the future transportation mode . However , The fatal accident caused by Tesla autopilot not long ago , And then the auto industry and IT The industry's review of automatic driving safety .

The third 24 the Defcon At the conference , come from 360 Liu Jianhao of the company, Professor Xu Wenyuan from Zhejiang University and her student Yan Chen jointly released their joint research results . It's the first time in history that it's demonstrated through an attack on an environmental sensor on a car , Can lead to automatic parking 、 Failure of automatic driving and other functions , Even serious safety accidents .


Their speech is scheduled for one o'clock in the afternoon Defcon In the auditorium , Less than 12 Half past six , Someone came to line up after lunch , Safety bull reporter also listened to the speech at the scene . The author is in 12 spot 45 When he arrived at five o'clock , The audience waiting to enter at the gate has already lined up for tens of meters . Enter the lecture hall , Find a seat and sit down , The speech begins at one o'clock .

The speech was jointly completed by Liu Jianhao and Yan Chen . First , Liu Jianhao introduced some basic concepts of automatic driving to the audience . original , according to SAE Given the criteria for autonomous driving , Tesla's AutoPilot Belong to L3 Semi autonomous driving , And Google is experimenting with unmanned cars , It belongs to L5 It's completely autonomous . All of you here are experts in the field of security , But for the Internet of vehicles and autonomous driving , Most of the people are strange . There are a lot of people in the bow record or use mobile phone shooting scene shot PPT.


From the left : Yan Chen 、 Liu Jianhao

Liu Jianhao further introduced the technical framework of automatic driving . Because this attack is against sensors , So Liu Jianhao specially introduced the environmental sensors used by Tesla autopilot . Including ultrasonic sensors for close range measurements , Radar sensors for remote measurement and cameras for image recognition . The researcher's attack is aimed at these three types of sensors .

Next , Yan Chen began to explain and demonstrate specific attacks against various types of sensors .

First of all ultrasonic sensor . Among the models of many manufacturers , Ultrasonic sensors are used by the parking aid system to determine the location of obstacles Yes no And the distance from the obstacle . And Yan Chen, they used low-cost Arduino And ultrasonic generators ( The total price is just 40 dollar ), Interfere with the ultrasonic signal of the ultrasonic sensor . Start blocking ( Be similar to DoS) attack , Spoofing attacks and signal cancellation .

Yan Chen's presentation is a combination of cartoon and video . Caricature is a typical style of humorous caricature in Europe and America , And the video shows all kinds of attacks on the sensor . In one of the videos , Yan Chen stood in front of the car , Turn on Tesla's autopilot mode , There's an obstacle ahead on the screen , The car doesn't start , And when Yan Chen turns on the attack mode , No one moved , The obstacles on the screen are gone . And the car started and hit people . When the car was cheated and started successfully , There was a big round of applause .  

Next is about Radar sensors The attack of . Attacks against radar sensors need to simulate radar signals , Signal oscillator and signal analysis instrument are needed . Yan Chen joked that , This batch of equipment is worth 3 Two Model S, If the experiment fails and the device crashes , He won't be able to graduate . There was a lot of laughter .

Attacks on radar sensors , The main demonstration is the blocking attack . The principle is similar to the attack of ultrasonic sensors , Use the noise signal to suppress the signal of the radar itself , It makes the sensor misjudge the distance . alike , The combination of cartoon and video is very attractive . Although both speakers are not native speakers of English , The enthusiastic response of the audience seemed to be unaffected by the language , Applause and laughter .

And then it's about right MobileEye Video cameras The attack of . Here are two speakers showing “ Use a laser beam to make MobileEye My video camera is completely out of order ” The attack tactics of . MobileEye It's the provider of autonomous driving technology for Tesla . This study also reveals MobileEye There is a potential risk of being attacked . 

Last , Yan Chen concluded that , This kind of attack proves that it is feasible in practice to attack a car in automatic driving mode through sensors . Although the attack shown is not easy to achieve , however , If it's a targeted attack , There are certain safety risks in automatic driving . The end of the speech , There was another round of applause .

After the meeting , I had a simple exchange with Liu Jianhao, one of the speakers .

 picture Safe cattle  picture Jianhao , Congratulations to you and Yan Chen , Your speech was very good .
Liu Jianhao : thank you , We are also very happy , Yan Chen for this PPT A lot of preparation . The foreigners at the scene were shocked . This time, it also made them look up to China's automobile information security .
 picture Safe cattle This year black hat and Defcon Speech , The most popular one about car cracking is you , One is Charlie Miller They cracked that Jeep Of . I heard from Mr. Tan that in fact, your level last year was very close to theirs . Can you tell me something about your research ?
Liu Jianhao : Car safety 360 A lot of investment , We have a team that specializes in car safety , At the same time, we have cooperation with many automobile manufacturers . Our security research covers many aspects . For example, yesterday my colleagues Li Jun and Zeng Yingtao were in Defcon The topic of communication in the technical Salon of is also about the abnormal detection of automobile safety and the safety of automobile anti-theft lock . In fact, I think in terms of the systematicness and breadth of the research , We've even surpassed Charlie Miller The team , Because after all, they just do research in their spare time out of their personal interests .
 picture Safe cattle  picture Jianhao , What do you think is the biggest difficulty in automotive information security ?
Liu Jianhao : I think the biggest problem is that we are engaged in security or IT It's different from the design concept and cultural background of auto control engineers from auto manufacturers , This makes communication very difficult . For example, we once participated in a technical exchange with a car factory . We just feel , There is a big gap between the product concepts of both sides . We don't understand their product design ideas , They don't agree with our product design philosophy . In this way, it is very difficult to carry out in-depth cooperation with the car factory in terms of safety .
 picture Safe cattle
exactly , last year Charlie Miller They're such a blockbuster cracker Jeep The car case . It's as if they said they would contact the car factory, but they were ignored .
Liu Jianhao : We're OK , The cooperation with the car factory is quite close . It's mainly a running in process .
 picture Safe cattle
Thank you Jianhao for our interview , Also thanks 360 The team and Professor Xu Wenyuan's team have brought us wonderful research .
Liu Jianhao : thank you . We will continue to work hard .

Safety bull review
This time, Defcon The attack shown on , The basic idea is similar to the attack of Stuxnet virus on Iran's Natanz nuclear plant . That is to say, they all attack external environment variables , To cheat the system . This kind of attack is aimed at the Internet of things system at present ( For example, industrial control and Internet of vehicles system ) The main means of attack . The difference is , Earthquake network virus attacks the transmission stage after sensor analog-to-digital conversion ( Blocking the data transmission of centrifugal pump speed back to DCS), Yan Chen's attack is to interfere in the phase of analog signal . It's even harder to guard against . Because it's a sensor attack , So it's hard to be able to effectively prevent , Although Yan Chen mentioned in his speech that by increasing the number of sensors , Introduce some anomaly detection mechanisms and other methods , but The author thinks Unless we redesign the security architecture of the Internet of vehicles , Otherwise, these methods can only reduce the risk , It's not a cure .
When it comes to security architecture design , We have to talk about the security design concept of Internet of things products . There is an essential difference between the Internet of things and the Internet , The Internet of things deals with physical assets , And the Internet /IT Dealing with digital assets . The characteristic of digital assets is that they are easy to copy , So we should pay attention to the protection of digital assets “ Loss prevention ” Don't care “ Prevent damage ”( Damage is easy to recover ). Physical assets are the opposite , It's about valuing “ Prevent damage ” Don't care “ Loss prevention ”( The loss is easy to detect ). So with the Internet /IT When we design IOT security products based on our product ideas , Often will encounter like Liu Jianhao, they encounter with the other side of the concept of different situations . therefore , For enterprises committed to the security of the Internet of things , To break from the Internet /IT The usual idea of product design , Only in this way can we really design security products suitable for the Internet of things .

Please bring the original link to reprint ,thank
Similar articles