Engineers in the US have created a system that can cause automotive radar to hallucinate and see objects that do not exist.
The ‘MadRadar’ spoofing technique developed at Duke University shows that equipment makers need to take steps to safeguard their radar designs. The researchers recommend that carmakers try randomizing a radar system’s operating parameters over time and adding safeguards to the processing algorithms to spot similar attacks.
The technology can hide the approach of an existing car, create a phantom car where none exists or even trick the radar into thinking a real car has quickly deviated from its actual course. This needs no prior knowledge about the specific settings of the target sensors, making it the most troublesome threat to radar security to date say Miroslav Pajic, Associate Professor of Electrical and Computer Engineering and Tingjun Chen, assistant professor of electrical and computer engineering at Duke.
The MadRadar demonstrations were performed on real-world systems in actual cars moving at roadway speeds, and the spoofing system accurately detects a car’s radar parameters in less than a quarter of a second. Once the parameters have been discovered, the system can send out its own radar signals to fool the target’s radar.
In one demonstration, MadRadar sends signals to the target car to make it perceive another car where none actually exist. This involves modifying the signal’s characteristics based on time and velocity in such a way that it mimics what a real contact would look like.
In a second and much more complicated example, it fools the target radar into thinking the opposite — that there is no passing car when one actually does exist. It achieves this by delicately adding masking signals around the car’s true location to create a sort of bright spot that confuses the radar system.
“Without knowing much about the targeted car’s radar system, we can make a fake vehicle appear out of nowhere or make an actual vehicle disappear in real-world experiments,” said Pajic. “We’re not building these systems to hurt anyone, we’re demonstrating the existing problems with current radar systems to show that we need to fundamentally change how we design them.”
“You have to be judicious about adding signals to the radar system, because if you simply flooded the entire field of vision, it’d immediately know something was wrong,” said David Hunt, a PhD student working in Pajic’s lab.
In a third kind of attack, the researchers mix the two approaches to make it seem as though an existing car has suddenly changed course. “Imagine adaptive cruise control, which uses radar, believing that the car in front of me was speeding up, causing your own car to speed up, when in reality it wasn’t changing speed at all,” said Pajic. “If this were done at night, by the time your car’s cameras figured it out you’d be in trouble.”
The paper, MadRadar: A Black-Box Physical Layer Attack Framework on mmWave Automotive FMCW Radars, by David Hunt, Kristen Angell, Zhenzhou Qi, Tingjun Chen, and Miroslav Pajic will be presented at the Network and Distributed System Security Symposium (NDSS) 2024 at the end of February. DOI: 10.14722/ndss.2024.24135