You are here


Tricking LIDARS and robocars

Much press has been made over Jonathan Petit's recent disclosure of an attack on some LIDAR systems used in robocars. I saw Petit's presentation on this in July, but he asked me for confidentiality until they released their paper in October. However, since he has decided to disclose it, there's been a lot of press, with truth and misconceptions.

There are many security aspects to robocars. By far the greatest concern would be compromise of the control computers by malicious software, and great efforts will be taken to prevent that. Many of those efforts will involve having the cars not talk to any untrusted sources of code or data which might be malicious. The car's sensors, however, must take in information from outside the vehicle, so they are another source of compromise.

There are ways to compromise many of the sensors on a robocar. GPS can be easily spoofed, and there are tools out there to do that now. (Fortunately real robocars will only use GPS as one clue to their location.) Radar is also very easy to spooof -- far easier than LIDAR, agrees Petit -- but their goal was to see if LIDAR is vulnerable.

The attack is a real one, but at the same time it's not, in spite of the press, a particularly frightening one. It may cause a well designed vehicle to believe there are "ghost" objects that don't actually exist, so that it might brake for something that's not there, or even swerve around it. It might also overwhelm the sensor, so that it feels the sensor has failed, and thus the car would go into a failure mode, stopping or pulling off the road. This is not a good thing, of course, and it has some safety consequences, but it's also a fairly unlikely attack. Essentially, there are far easier ways to do these things that don't involve the LIDAR, so it's not too likely anybody would want to mount such an attack.

Indeed, to do these attacks, you need to be physically present, near the target car, and you need a solid object that's already in front of the car, such as the back of a truck that it's following. (It is possible the road surface might work.) This is a higher bar than attacks which might be done remotely (such as computer intrusions) or via radio signals (such as with hypothetical vehicle-to-vehicle radio, should cars decide to use that tech.)

Here's how it works: LIDAR works by sending out a very short pulse of laser light, and then waiting for the light to reflect back. The pulse is a small dot, and the reflection is seen through a lens aimed tightly at the place the pulse was sent. The time it takes for the light to come back tells you how far away the target is, and the brightness tells you how reflective it is, like a black-and-white photo.

To fool a lidar, you must send another pulse that comes from or appears to come from the target spot, and it has to come in at just the right time, before (or on some, after) the real pulse from what's really in front of the LIDAR comes in.

The attack requires knowing the characteristics of the target LIDAR very well. You must know exactly when it is going to send its pulses before it sends them, and thus precisely (to the nanosecond) when a return reflection ("return") would arrive from a hypothetical object in front of the LIDAR. Many LIDARS are quite predictable. They scan a scene with a rotating drum, and you can see the pulses coming out, and know when they will be sent.


Meeting on a narrow road

Jean-Louis Gassée, while a respected computer entrepreneur, wrote a critical post on robocars recently which matches a very common pattern of critical articles:

The pattern is as follows:


To fix human attack on the Hugo awards, you need humans

I wrote earlier on the drama that ensued when a group of SF writers led a campaign to warp the nomination process by getting a small but sufficiently large group of supporters to collude on nominating a slate of candidates. The way the process works, with the nomination being a sampling process where a thousand nominators choose from thousands of works, it takes only a 100-200 people working together to completely take over the process, and in some cases, they did -- to much uproar.

In the aftermath, there was much debate about what to do about it. Changes to the rules are in the works, but due to a deliberate ratification process, they mostly can't take effect until the 2017 award.

One popular proposal, called E Pluribus Hugo appeals, at least initially, to the nerdy mathematician in many of us. Game theory tries to design voting systems that resist attack. This is such a proposal, which works to diminish the effect that slate collusion can have, so that a slate of 5 might get fewer than 5 (perhaps just 1 or 2) onto the ballot. It is complex but aimed to make it possible for people to largely nominate the same way as before. My fear is that it modestly increases the reward for "strategic" voting. With strategic voting, you are not colluding, but you deliberately leave choices you like off your ballot to improve the chances of other choices you like more.


Singularity University Closing Ceremony Thursday Evening in San Jose

After a hard 10 weeks, our Singularity University Graduate class for 2015 will have its closing ceremony this Thursday night. If you are in the Bay Area, consider coming down to join luminaries of the SFBA accelerating technology community at San Jose's California theater and see presentations from the 5 top student teams as well as tables and posters from all 24 of them. With 80 students from 40 countries it's an eclectic and amazing group.

You can get Event info and tickets here.

Google Alphabet: Is it good for robocars?

Everybody has heard about Google's restructuring. In the restructuring, Google [x], which includes the self-driving car division, will be a subsidiary of the new Alphabet holding company, and no longer part of Google.

Having been a consultant on that team, I have some perspective to offer on how the restructuring might affect the companies that become Alphabet subsidiaries and leave the Google umbrella.


Automated Vehicles Symposium Days 1 and 2

From small beginnings, over 800 people are here at the Ann Arbor AUVSI/TRB Automated Vehicles symposium. Let's summarize some of the news.

Test Track

Lots of PR about the new test track opening at University of Michigan. I have not been out to see it, but it certainly is a good idea to share one of these rather than have everybody build their own, as long as you don't want to test in secret.


Automated Vehicles Symposium Day 0: When do robocars become cheaper than standard cars?

I'm in the Detroit area for the annual TRB/AUVSI Automated Vehicle Symposium, which starts tomorrow. Today, those in Ann Arbor attended the opening of the new test track at the University of Michigan. Instead, I was at a small event with a lot of good folks in downtown Detroit, sponsored by SAFE which is looking to wean the USA off oil.

Much was discussed, but a particularly interesting idea was just how close we are getting to something I had put further in the future -- robocars that are cheaper than ordinary cars.


Will Robocars vastly increase battery life?

We know electric cars are getting better and likely to get popular even when driven by humans. Tesla, at its core, is a battery technology company as much as it's a car company, and it is sometimes joked that the $85,000 Telsa with a $40,000 battery is like buying a battery with a car wrapped around it. (It's also said that it's a computer with a car wrapped around it, but that's a better description of a robocar.) (Update: Since this article was written, the cost of the Tesla battery has dropped to closer to $20,000.)

Some Q&A on Robocars via Singularity U

At Singularity U, we're releasing a new video series answering questions about our future technology topics that come from Twitter. My segment is one of the first, and while regular readers of my blog will probably have seen me talk about most of these, here is the video:


Facebook makes less than $10/user, can we find alternatives to advertising?

Facebook's ARPU (average revenue per user, annualized) in the last quarter was just under $10, declining slightly in the USA and Canada, and a much lower 80 cents in the rest of the world. This is quite a bit less than Google's which hovers well over $40.


Google not hitting Delphi, going to Austin -- Vislab sold

The press were all a-twitter about a report from Reuters that there had been a near miss between Delphi's test car and one of Google's though it was quickly denied that anything happened

The situation described, one car cutting off another, was a very unlikely one for several reasons:


Just a couple more days to apply for our exponential tech startup incubator

At Singularity University, our students have been forming interesting ventures after the class for the past 6 years. This fall, we'll also be starting an SU Startup Accelerator for nascent startups working on exponential technology to solve the world's biggest problems. We will be accelerating both for-profit ventures (for the world's greatest problems can also be the greatest opportunities) and $50K grants for non-profit efforts.

Replacing E-mail: The calendar as communications tool

I want to begin a series of thoughts on how E-mail has failed us and what we should do about it.

Yes, E-mail has failed, and not, as we thought, because it got overwhelmed with spam. There is tons of spam but we seem to be handling it. The problem might be better described as "too much signal" rather than the signal/noise ratio. There are three linked problems:


Robocars and Ultracapacitors (and other energy sources)

A reader recently asked about the synergies between robocars and ultracapacitors/supercapacitors. It turns out they are not what you would expect, and it teaches some of the surprising lessons of robocars.


Google Accidents, Baidu Cars, Startups and more news roundup

2 months mostly on the road, so here's a roundup of the "real" news stories in the field.


Don't be fooled by robots falling down at Darpa Robotics Challenge

This weekend I went to Pomona, CA for the 2015 DARPA Robotics Challenge which had robots (mostly humanoid) compete at a variety of disaster response and assistance tasks. This contest, a successor of sorts to the original DARPA Grand Challenge which changed the world by giving us robocars, got a fair bit of press, but a lot of it was around this video showing various robots falling down when doing the course:

What you don't hear in this video are the cries of sympathy from the crowd of thousands watching -- akin to when a figure skater might fall down -- or the cheers as each robot would complete a simple task to get a point. These cheers and sympathies were not just for the human team members, but in an anthropomorphic way for the robots themselves. Most of the public reaction to this video included declarations that one need not be too afraid of our future robot overlords just yet. It's probably better to watch the DARPA official video which has a little audience reaction.

Don't be fooled as well by the lesser-known fact that there was a lot of remote human tele-operation involved in the running of the course.

Check out my Gallery of Photos from the DARPA Robotics Challenge Finals.

What you also don't see in this video is just how very far the robots have come since the first round of trials in December 2013. During those trials the amount of remote human operation was very high, and there weren't a lot of great fall videos because the robots had tethers that would catch them if they fell. (These robots are heavy and many took serious damage when falling, so almost all testing is done with a crane, hoist or tether able to catch the robot during the many falls which do occur.)

We aren't yet anywhere close to having robots that could do tasks like these autonomously, so for now the research is in making robots that can do tasks with more and more autonomy with higher level decisions made by remote humans. The tasks in the contest were:

  • Starting in a car, drive it down a simple course with a few turns and park it by a door.
  • Get out of the car -- one of the harder tasks as it turns out, and one that demanded a more humanoid form
  • Go to a door and open it
  • Walk through the door into a room
  • In the room, go up to a valve with circular handle and turn it 360 degrees
  • Pick up a power drill, and use it to cut a large enough hole in a sheet of drywall
  • Perform a surprise task -- in this case throwing a lever on day one, and on day 2 unplugging a power cord and plugging it into another socket
  • Either walk over a field of cinder blocks, or roll through a field of light debris
  • Climb a set of stairs

The robots have an hour to do this, so they are often extremely slow, and yet to the surprise of most, the audience -- a crowd of thousands and thousands more online -- watched with fascination and cheering. Even when robots would take a step once a minute, or pause at a task for several minutes, or would get into a problem and spend 10 minutes getting fixed by humans as a penalty.

Google Accidents and Deployment, Mercedes Trucks and more

Some headlines (I've been on the road and will have more to say soon.)

Google announces it will put new generation buggies on city streets

Google has done over 2.7 million km of testing with their existing fleet, they announced. Now, they will be putting their small "buggy" vehicle onto real streets in Mountain View. The cars will stick to slower streets and are NEVs that only go 25mph.


Second musings on the the Hugo Awards and the fix

Last week's Hugo Awards point of crisis caused a firestorm even outside the SF community. I felt it time to record some additional thoughts above the summary of many proposals I did.


People get carsick as passengers? Shocking!

Earlier this week I was sent some advance research from the U of Michigan about car sickness rates for car passengers. I found the research of interest, but wish it had covered some questions I think are more important, such as how carsickness is changed by potentially new types of car seating, such as face to face or along the side.


Hugo awards suborned, what can or should be done?

Since 1992 I have had a long association with the Hugo Awards for SF & Fantasy given by the World Science Fiction Society/Convention. In 1993 I published the Hugo and Nebula Anthology which was for some time the largest anthology of current fiction every published, and one of the earliest major e-book projects. While I did it as a commercial venture, in the years to come it became the norm for the award organizers to publish an electronic anthology of willing nominees for free to the voters.

This year, things are highly controversial, because a group of fans/editors/writers calling themselves the "Sad Puppies," had great success with a campaign to dominate the nominations for the awards. They published a slate of recommended nominations and a sufficient number of people sent in nominating ballots with that slate so that it dominated most of the award categories. Some categories are entirely the slate, only one was not affected. It's important to understand the nominating and voting on the Hugos is done by members of the World SF Society, which is to say people who attend the World SF Convention (Worldcon) or who purchase special "supporting" memberships which don't let you go but give you voting rights. This is a self-selected group, but in spite of that, it has mostly manged to run a reasonably independent vote to select the greatest works of the year. The group is not large, and in many categories, it can take only a score or two of nominations to make the ballot, and victory margins are often small. As such, it's always been possible, and not even particularly hard, to subvert the process with any concerted effort. It's even possible to do it with money, because you can just buy memberships which can nominate or vote, so long as a real unique person is behind each ballot.

The nominating group is self-selected, but it's mostly a group that joins because they care about SF and its fandom, and as such, this keeps the award voting more independent than you would expect for a self-selected group. But this has changed.

The reasoning behind the Sad Puppy effort is complex and there is much contentious debate you can find on the web, and I'm about to get into some inside baseball, so if you don't care about the Hugos, or the social dynamics of awards and conventions, you may want to skip this post.



Subscribe to RSS - blogs