Revisiting LiDAR Spoofing Attack Capabilities against Object Detection: Improvements, Measurement, and New Attack. (arXiv:2303.10555v1 [cs.CR])

LiDAR (Light Detection And Ranging) is an indispensable sensor for precise
long- and wide-range 3D sensing, which directly benefited the recent rapid
deployment of autonomous driving (AD). Meanwhile, such a safety-critical
application strongly motivates its security research. A recent line of research
demonstrates that one can manipulate the LiDAR point cloud and fool object
detection by firing malicious lasers against LiDAR. However, these efforts face
3 critical research gaps: (1) evaluating only on a specific LiDAR (VLP-16); (2)
assuming unvalidated attack capabilities; and (3) evaluating with models
trained on limited datasets.

To fill these critical research gaps, we conduct the first large-scale
measurement study on LiDAR spoofing attack capabilities on object detectors
with 9 popular LiDARs in total and 3 major types of object detectors. To
perform this measurement, we significantly improved the LiDAR spoofing
capability with more careful optics and functional electronics, which allows us
to be the first to clearly demonstrate and quantify key attack capabilities
assumed in prior works. However, we further find that such key assumptions
actually can no longer hold for all the other (8 out of 9) LiDARs that are more
recent than VLP-16 due to various recent LiDAR features. To this end, we
further identify a new type of LiDAR spoofing attack that can improve on this
and be applicable to a much more general and recent set of LiDARs. We find that
its attack capability is enough to (1) cause end-to-end safety hazards in
simulated AD scenarios, and (2) remove real vehicles in the physical world. We
also discuss the defense side.