bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements

TL;DR

This paper introduces bAdvertisement, a supply chain attack method that manipulates print ads to deceive ADASs like Mobileye 630 PRO, causing false alerts and highlighting vulnerabilities in object detection systems.

Contribution

The paper presents a novel attack technique exploiting print advertisements to deceive ADASs, revealing weaknesses in object detection that ignore color and context.

Findings

State-of-the-art detectors ignore color and context

Mobileye 630 PRO can be fooled by phantom road signs

Countermeasures can mitigate the attack

Abstract

In this paper, we present bAdvertisement, a novel attack method against advanced driver-assistance systems (ADASs). bAdvertisement is performed as a supply chain attack via a compromised computer in a printing house, by embedding a "phantom" object in a print advertisement. When the compromised print advertisement is observed by an ADAS in a passing car, an undesired reaction is triggered from the ADAS. We analyze state-of-the-art object detectors and show that they do not take color or context into account in object detection. Our validation of these findings on Mobileye 630 PRO shows that this ADAS also fails to take color or context into account. Then, we show how an attacker can take advantage of these findings to execute an attack on a commercial ADAS, by embedding a phantom road sign in a print advertisement, which causes a car equipped with Mobileye 630 PRO to trigger a false notification to slow down. Finally, we discuss multiple countermeasures which can be deployed in order to mitigate the effect of our proposed attack.