LiDAR (Light Detection And Ranging) is an indispensable sensor for precise long- and wide-range 3D sensing, which directly benefited the recent rapid deployment of autonomous driving (AD). Meanwhile, such a safety-critical application strongly motivates its security research. A recent line of research finds that one can manipulate the LiDAR point cloud and fool object detectors by firing malicious lasers against LiDAR. However, these efforts face 3 critical research gaps: (1) considering only one specific LiDAR (VLP-16); (2) assuming unvalidated attack capabilities; and (3) evaluating object detectors with limited spoofing capability modeling and setup diversity. To fill these critical research gaps, we conduct the first large-scale measurement study on LiDAR spoofing attack capabilities on object detectors with 9 popular LiDARs, covering both first- and new-generation LiDARs, and 3 major types of object detectors trained on 5 different datasets. To facilitate the measurements, we (1) identify spoofer improvements that significantly improve the latest spoofing capability, (2) identify a new object removal attack that overcomes the applicability limitation of the latest method to new-generation LiDARs, and (3) perform novel mathematical modeling for both object injection and removal attacks based on our measurement results. Through this study, we are able to uncover a total of 15 novel findings, including not only completely new ones due to the measurement angle novelty, but also many that can directly challenge the latest understandings in this problem space. We also discuss defenses.

翻译：激光雷达（LiDAR）是精确远程广域三维感知不可或缺的传感器，直接促进了近期自动驾驶（AD）的快速部署。同时，这一安全关键应用也强烈推动了其安全性研究。近期研究系列发现，可通过向激光雷达发射恶意激光来操控点云并欺骗目标检测器。然而，这些研究面临三个关键空白：（1）仅考虑单一特定激光雷达（VLP-16）；（2）假设未经验证的攻击能力；（3）在有限欺骗能力建模与设置多样性下评估目标检测器。为填补这些关键空白，我们首次开展大规模测量研究，涵盖9种主流激光雷达（包括首代与新一代）、基于5种不同数据集训练的3大类目标检测器，系统评估激光雷达欺骗攻击对检测器的影响。为支撑测量，我们：（1）识别出显著提升最新欺骗能力的欺骗器改进方法；（2）发现新型目标移除攻击方法，突破现有方法对新世代激光雷达的适用性限制；（3）基于测量结果建立目标注入与移除攻击的新型数学模型。通过本研究，我们共揭示15项全新发现，既包括测量角度创新带来的全新结论，也包括直接挑战该问题领域最新认知的多项成果。我们还讨论了防御机制。