LiDAR (Light Detection and Ranging) is a pivotal sensor for autonomous driving, offering precise 3D spatial information. Previous signal attacks against LiDAR systems mainly exploit laser signals. In this paper, we investigate the possibility of cross-modality signal injection attacks, i.e., injecting intentional electromagnetic interference (IEMI) to manipulate LiDAR output. Our insight is that the internal modules of a LiDAR, i.e., the laser receiving circuit, the monitoring sensors, and the beam-steering modules, even with strict electromagnetic compatibility (EMC) testing, can still couple with the IEMI attack signals and result in the malfunction of LiDAR systems. Based on the above attack surfaces, we propose the PhantomLiDAR attack, which manipulates LiDAR output in terms of Points Interference, Points Injection, Points Removal, and even LiDAR Power-Off. We evaluate and demonstrate the effectiveness of PhantomLiDAR with both simulated and real-world experiments on five COTS LiDAR systems. We also conduct feasibility experiments in real-world moving scenarios. We provide potential defense measures that can be implemented at both the sensor level and the vehicle system level to mitigate the risks associated with IEMI attacks. Video demonstrations can be viewed at https://sites.google.com/view/phantomlidar.

翻译：激光雷达（光探测与测距）是自动驾驶的关键传感器，能够提供精确的三维空间信息。以往针对激光雷达系统的信号攻击主要利用激光信号。本文研究了跨模态信号注入攻击的可能性，即通过注入有意的电磁干扰来操控激光雷达输出。我们的核心观点是：激光雷达的内部模块——包括激光接收电路、监控传感器和光束转向模块——即使经过严格的电磁兼容性测试，仍可能与IEMI攻击信号耦合，导致激光雷达系统功能异常。基于上述攻击面，我们提出了PhantomLiDAR攻击，该攻击能够在点云干扰、点云注入、点云移除甚至激光雷达断电等方面操控雷达输出。我们通过仿真和真实实验对五款商用现货激光雷达系统进行了评估，验证了PhantomLiDAR的有效性。同时，我们在真实移动场景中进行了可行性实验。我们提出了可在传感器层面和车辆系统层面实施的潜在防御措施，以降低IEMI攻击相关风险。视频演示可通过https://sites.google.com/view/phantomlidar查看。