Spoofing Attacks Against Vehicular FMCW Radar

The safety and security of the passengers in vehicles in the face of cyber attacks is a key concern in the automotive industry, especially with the emergence of the Advanced Driver Assistance Systems (ADAS) and the vast improvement in Autonomous Vehicles (AVs). Such platforms use various sensors, including cameras, LiDAR and mmWave radar. These sensors themselves may present a potential security hazard if exploited by an attacker. In this paper we propose a system to attack an automotive FMCW mmWave radar, that uses fast chirp modulation. Using a single rogue radar, our attack system is capable of spoofing the distance and velocity measured by the victim vehicle simultaneously, presenting phantom measurements coherent with the laws of physics governing vehicle motion. The attacking radar controls the delay in order to spoof its distance, and uses phase compensation and control in order to spoof its velocity. After developing the attack theory, we demonstrate the spoofing attack by building a proof-of-concept hardware-based system, using a Software Defined Radio. We successfully demonstrate two real world scenarios in which the victim radar is spoofed to detect either a phantom emergency stop or a phantom acceleration, while measuring coherent range and velocity. We also discuss several countermeasures that can mitigate the described attack.