Low-cost distance-spoofing attack on FMCW radar and its feasibility study on countermeasure

Abstract

In this paper, we present a low-cost distance-spoofing attack on a millimeter-wave frequency-modulated continuous wave (FMCW) radar. It uses only a replica radar chipset and a single compact microcontroller board in mass production. No expensive and bulky test instrument is required; hence, a low-cost and lightweight attack setup is developed. Despite the limited hardware resources used in this setup, the replica radar can be precisely synchronized with the target radar for distance spoofing. A half-chirp modulation scheme enables timing compensation between crystal oscillators on the replica and the target radar boards. A two-step delay insertion scheme precisely controls the relative delay difference between two radars at nanosecond order; consequently, the attacker can manipulate the distance measured at the target radar with only a $$\pm \,10$$ m ranging error. Moreover, the feasibility of spoofing attacks on a conventional countermeasure employing random-chirp modulation is discussed. Simulation-based experiments reveal that the attack occurs successfully by estimating the random chirp pattern. This demonstrates the potential feasibility of low-cost malicious attacks on commercial FMCW radar as a physical security threat.