Light Dark
August 10, 2017 By Mark Samuels 2 min read

Security researchers have demonstrated how it is possible to use stickers to get computer vision systems in autonomous vehicles to wrongly identify road signs.

Researchers from the University of Washington and other schools recently published a paper that describes a new attack algorithm, known as Robust Physical Perturbation (RP2). The report, “Robust Physical-World Attacks on Machine Learning Models,” detailed how the algorithm makes it possible for errant individuals to alter standard road signs and create havoc for self-driving car systems.

How Does the Attack Work?

The algorithm works in combination with printed images attached to road signs. These images, which could in theory be created by anyone with access to a color printer, confuse the cameras in autonomous vehicles.

The attack relies on undermining the computer vision systems of autonomous vehicles that have been taught to recognize items on or alongside roads using cameras. Computer vision systems in self-driving cars usually rely on an object detector, which identifies pedestrians, signs and vehicles, and a classifier, which works out the nature of the objects and the meaning of the signs.

Systems may be responsive to small alterations to their inputs, known as perturbations, that can cause the vehicles to operate in unexpected ways, reported Car and Driver. Actors would need to access the classifier and then use the RP2 algorithm to create a new, customized image of the existing road sign.

How the Computer Vision Systems Were Tricked

In one of the attacks, the researchers used the RP2 algorithm to create and print a full-size road sign that was placed over an existing warning sign. They created a stop sign that only looked faded to human eyes but was always read as a Speed Limit 45 sign by the computer vision system.

A second technique relied on placing small black-and-white stickers on a stop sign that, once again, led the computer vision system to wrongly identify a Speed Limit 45 sign.

The researchers reported the attacks were effective at a range of distances and angles. In the conclusion to their paper, they stated that they plan to test their algorithm further by altering other conditions that were not included this time around, such as sign occlusion and alterations to other warning signs.

The Implications for Autonomous Vehicle Design

Security fears over autonomous vehicle technology are nothing new. Experts have long directed attention toward the risk of hacks to in-car systems. Earlier this month, in fact, reports centered on a vulnerability in the Controller Area Network (CAN) Bus standard that could impact the security of connected automobiles.

However, this work demonstrated that computer vision systems can also be put at risk. The potential dangers are clear, particularly for vehicles that already use automatic sign recognition. An attacker with access to both the algorithm and the classifier in the in-car system could trick vehicles into responding incorrectly to signs.

While autonomous vehicle development is still at an early stage, self-driving car designers and in-car system manufacturers should take note of the potential dangers. Tarek El-Gaaly, senior research scientist at Voyage, told Car and Driver that such attacks were cause for concern and they could be easier to imitate in the future.

While the risk is limited now, the research highlighted how autonomous vehicle systems could be at risk from malicious actions in the future. Self-driving vehicle manufacturers and computer vision systems designers should take note.

 |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

November 20, 2024

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature