FMCW radars are integral to automotive driving for robust and weather-resistant sensing of surrounding objects. However, these radars are vulnerable to spoofing attacks that can cause sensor malfunction and potentially lead to accidents. For instance, an attacker driving ahead of a radar-equipped victim’s vehicle can manipulate the radar signals such that the victim radar measures a false distance to the attacker vehicle (as shown in figure). Upon falsely detecting the attacker’s phantom vehicle, the radar may trigger the vehicle to apply a sudden brake, risking the passenger’s life and causing accidents.
Previous attempts at spoofing FMCW radars using an attacker device have not been very effective due to the need for synchronization between the attacker and the victim. We present a novel spoofing mechanism called mmSpoof that does not require synchronization and is resilient to various security features and countermeasures of the victim radar. Our spoofing mechanism uses a “reflect array” based attacker device that reflects the radar signal with appropriate modulation to spoof the victim’s radar. We provide insights and mechanisms to flexibly spoof any distance and velocity on the victim’s radar using a unique frequency shift at the mmSpoof’s reflect array. We design a novel algorithm to estimate this frequency shift without assuming prior information about the victim’s radar. We show the effectiveness of our spoofing using a compact and mobile setup with commercial-off-the-shelf components in realistic automotive driving scenarios with commercial radars.
|
|