Hackers can paralyse a driverless car by exploiting its laser navigation systems and sensors to trick it into thinking it will collide with another car, person or obstacle, according to security research.
A cheap low-power laser allows hackers to trick the Lidar 3D imaging systems, which autonomous vehicles use to navigate and build a picture of their surroundings, into thinking there is something in front of them forcing them to slow, stop or take evasive action.
Jonathan Petit, former research fellow in the University of Cork's Computer Security Group, discovered the exploit while conducting research into the cyber vulnerabilities of autonomous vehicles.
His research, due to be presented at the Black Hat Europe security conference in November, explained that the combination of a low-power laser and a pulse generator allowed him to record non-encoded or encrypted laser pulses from commercial Lidar systems.
He could then replicate them with a laser and create fake objects that fool a driverless car into thinking it is about to encounter an obstacle.
"I can take echoes of a fake car and put them at any location I want. And I can do the same with a pedestrian or a wall," Petit told IEEE Spectrum.
"I can spoof thousands of objects and basically carry out a denial-of-service attack on the tracking system so it's not able to track real objects."
Petit explained that the core of the exploit is the poor input systems of some driverless cars, meaning that they can make bad decisions on the data they gather from the road and surrounding environment.
"If a self-driving car has poor inputs, it will make poor driving decisions," he said.
Lidar laser ranging technology costs thousands of pounds, but Petit demonstrated that cars could be hacked cheaply with readily available products. "You can easily do it with a Raspberry Pi or an Arduino. It's really off the shelf," he said.
Petit's research indicates that some of the concerns around driverless car security have some grounding, even as the technology is cleared for testing on UK roads.
The increasing amount of connected technology being stuffed into cars is also opening vehicles to more hacking vulnerabilities.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons