Search papers, labs, and topics across Lattice.
The paper introduces MirrorDrift, a novel physical attack on LiDAR SLAM systems that leverages specular reflection from an actuated planar mirror to inject ghost points into LiDAR scans. This method bypasses traditional LiDAR spoofing techniques that rely on signal injection and are increasingly mitigated by modern LiDAR defenses. Experiments demonstrate that MirrorDrift significantly increases pose error in both simulated and real-world environments, achieving up to 6.03m localization errors even against a state-of-the-art LiDAR with interference mitigation.
Forget signal injection – a strategically placed, actuated mirror can now hijack even the most secure LiDAR SLAM systems, inducing localization errors exceeding 6 meters.
LiDAR SLAM provides high-accuracy localization but is fragile to point-cloud corruption because scan matching assumes geometric consistency. Prior physical attacks on LiDAR SLAM largely rely on LiDAR spoofing via external signal injection, which requires sensor-specific timing knowledge and is increasingly mitigated by modern defense mechanisms such as timing obfuscation and injection rejection. In this work, we show that specular reflection offers an injection-free alternative and demonstrate an attack, MirrorDrift, that uses an actuated planar mirror to cause ghost points in LiDAR scans and systematically bias scan-matching correspondences. MirrorDrift optimizes mirror placement, alignment, and actuation. In simulation, it increases the average pose error (APE) by 6.1x over random placement, degrading three SLAM systems to 2.29-3.31 m mean APE. In real-world experiments on a modern LiDAR with state-of-the-art interference mitigation, it induces localization errors of up to 6.03 m. To the best of our knowledge, this is the first successful SLAM-targeted attack against production-grade secure LiDARs.
