Security researchers have demonstrated how it is possible to use stickers to get computer vision systems in autonomous vehicles to wrongly identify road signs.

Researchers from the University of Washington and other schools recently published a paper that describes a new attack algorithm, known as Robust Physical Perturbation (RP2). The report, “Robust Physical-World Attacks on Machine Learning Models,” detailed how the algorithm makes it possible for errant individuals to alter standard road signs and create havoc for self-driving car systems.

How Does the Attack Work?

The algorithm works in combination with printed images attached to road signs. These images, which could in theory be created by anyone with access to a color printer, confuse the cameras in autonomous vehicles.

The attack relies on undermining the computer vision systems of autonomous vehicles that have been taught to recognize items on or alongside roads using cameras. Computer vision systems in self-driving cars usually rely on an object detector, which identifies pedestrians, signs and vehicles, and a classifier, which works out the nature of the objects and the meaning of the signs.

Systems may be responsive to small alterations to their inputs, known as perturbations, that can cause the vehicles to operate in unexpected ways, reported Car and Driver. Actors would need to access the classifier and then use the RP2 algorithm to create a new, customized image of the existing road sign.

How the Computer Vision Systems Were Tricked

In one of the attacks, the researchers used the RP2 algorithm to create and print a full-size road sign that was placed over an existing warning sign. They created a stop sign that only looked faded to human eyes but was always read as a Speed Limit 45 sign by the computer vision system.

A second technique relied on placing small black-and-white stickers on a stop sign that, once again, led the computer vision system to wrongly identify a Speed Limit 45 sign.

The researchers reported the attacks were effective at a range of distances and angles. In the conclusion to their paper, they stated that they plan to test their algorithm further by altering other conditions that were not included this time around, such as sign occlusion and alterations to other warning signs.

The Implications for Autonomous Vehicle Design

Security fears over autonomous vehicle technology are nothing new. Experts have long directed attention toward the risk of hacks to in-car systems. Earlier this month, in fact, reports centered on a vulnerability in the Controller Area Network (CAN) Bus standard that could impact the security of connected automobiles.

However, this work demonstrated that computer vision systems can also be put at risk. The potential dangers are clear, particularly for vehicles that already use automatic sign recognition. An attacker with access to both the algorithm and the classifier in the in-car system could trick vehicles into responding incorrectly to signs.

While autonomous vehicle development is still at an early stage, self-driving car designers and in-car system manufacturers should take note of the potential dangers. Tarek El-Gaaly, senior research scientist at Voyage, told Car and Driver that such attacks were cause for concern and they could be easier to imitate in the future.

While the risk is limited now, the research highlighted how autonomous vehicle systems could be at risk from malicious actions in the future. Self-driving vehicle manufacturers and computer vision systems designers should take note.

More from

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…