Abstract
Image sensors are integral to a wide range of safety- and security-critical systems, including surveillance infrastructure, autonomous vehicles, and industrial automation. These systems rely on the integrity of visual data to make decisions. In this work, we investigate a novel class of electromagnetic signal injection attacks that target the analog domain of image sensors, allowing adversaries to manipulate raw visual inputs without triggering conventional digital integrity checks. We uncover a previously undocumented attack phenomenon on CMOS image sensors: rainbow-like color artifacts induced in images captured by image sensors through carefully tuned electromagnetic interference. We further evaluate the impact of these attacks on state-of-the-art object detection models, showing that the injected artifacts propagate through the image signal processing pipeline and lead to significant mispredictions. Our findings highlight a critical and underexplored vulnerability in the visual perception stack, highlighting the need for more robust defenses against physical-layer attacks in such systems.
Abstract (translated)
图像传感器在包括监控基础设施、自动驾驶汽车和工业自动化在内的多种安全和关键系统中扮演着重要角色。这些系统的决策依赖于视觉数据的完整性。在这项研究工作中,我们调查了一类新颖的电磁信号注入攻击,这类攻击针对的是图像传感器的模拟领域,允许对手操纵原始视觉输入而不触发传统的数字完整性检查。我们揭露了CMOS图像传感器上此前未被记录的一种新型攻击现象:通过精心调制的电磁干扰,在由图像传感器捕获的图像中诱导出类似彩虹的颜色伪影。进一步地,我们评估了这些攻击对最先进的目标检测模型的影响,表明注入的伪影会传播到图像信号处理管道,并导致显著的误预测。我们的研究结果强调了视觉感知栈中的一个关键且未被充分探索的安全漏洞,突显了此类系统中需要更强大的物理层防御措施以抵御攻击的重要性。
URL
https://arxiv.org/abs/2507.07773
