Spoofing Attack on Ultrasonic Distance Sensors Using a Continuous Signal

Ultrasonic distance sensors use an ultrasonic pulse’s time of flight to calculate the distance to the reflecting object. Widely used in industry, these sensors are an important component in autonomous vehicles, where they are used for such tasks as object avoidance and altitude measurement. The proper operation of such autonomous vehicles relies on sensor measurements; therefore, an adversary that has the ability to undermine the sensor’s reliability can pose a major risk to the vehicle. Previous attempts to alter the measurements of this sensor using an external signal succeeded in performing a denial-of-service (DoS) attack, in which the sensor’s reading showed a constant value, and a spoofing attack, in which the attacker could control the measurement to some extent. However, these attacks require precise knowledge of the sensor and its operation (e.g., timing of the ultrasonic pulse sent by the sensor). In this paper, we present an attack on ultrasonic distance sensors in which the measured distance can be altered (i.e., spoofing attack). The attack exploits a vulnerability discovered in the ultrasonic sensor’s receiver that results in a fake pulse that is produced by a constant noise in the input. A major advantage of the proposed attack is that, unlike previous attacks, a constant signal is used, and therefore, no prior knowledge of the sensor’s relative location or its timing behavior is required. We demonstrate the attack in both a lab setup (testbed) and a real setup involving a drone to demonstrate its feasibility. Our experiments show that the attack can interfere with the proper operation of the vehicle. In addition to the risk that the attack poses to autonomous vehicles, it can also be used as an effective defensive tool for restricting the movement of unauthorized autonomous vehicles within a protected area.