September 9, 2015 By Shane Schick 2 min read

You might assume a self-driving car would be so sophisticated as to be unhackable, but a security researcher has shown it could cost little more than $60 to manipulate an autonomous vehicle in dangerous ways.

The Guardian described an upcoming presentation at the Black Hat Europe security conference where consultant Jonathan Petit will demonstrate the attack. Using just a makeshift laser pointer, the technique involves duping a self-driving car’s lidar, the laser ranging systems that help the cars see what’s around them. Petit’s paper suggested attackers would not need advanced equipment to trick autonomous vehicles into seeing another car or person. An Arduino or Raspberri Pi computer would work for attacks of up to 100 meters in range.

Petit, formerly a fellow from the University of Cork’s Computer Security Group in Ireland, told IEEE Spectrum that the lidar represents a high-risk area of vulnerability since the sensory input it provides is essential to a self-driving car. His research showed that cybercriminals would be able to conduct denial-of-service attacks specific to autonomous vehicles. Even vehicles operated by human beings might prove equally susceptible to phony images interfering with tools such as driver assistance programs.

The ability to attack a self-driving car comes as automakers grapple with a delicate balance between integrating more technology-driven functions and ensuring drivers and passengers don’t fall victim to attackers. As Silicon Republic pointed out, Chrysler is just one of the major manufacturers to recall thousands of vehicles over potentially risky software updates or vulnerabilities in radio equipment.

Of course, some people may not need the threat of cyberattacks to be put off by the notion of a self-driving car. ITProPortal mentioned that Petit’s research only builds upon questions about the basic operating performance of autonomous vehicles after early models created by Google and Delphi came close to crashing during testing.

The same story noted that BT has set up a team of ethical hackers to try to detect more nefarious ways to tamper with cars that drive themselves — though they may not have orignally thought about the risks of a laser pointer.

More from

Is the water safe? The state of critical infrastructure cybersecurity

4 min read - On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods like brute-force attacks and leveraging default passwords, threat actors have repeatedly managed to compromise operational technology (OT) and industrial control systems (ICS).Attacks on the industrial sector have been particularly costly. The 2024 IBM Cost of a Data Breach report found the average total…

Cybersecurity trends: IBM’s predictions for 2025

4 min read - Cybersecurity concerns in 2024 can be summed up in two letters: AI (or five letters if you narrow it down to gen AI). Organizations are still in the early stages of understanding the risks and rewards of this technology. For all the good it can do to improve data protection, keep up with compliance regulations and enable faster threat detection, threat actors are also using AI to accelerate their social engineering attacks and sabotage AI models with malware.AI might have…

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today