MirrorDrift: Actuated Mirror-Based Attacks on LiDAR SLAM
This work addresses a security problem for autonomous systems relying on LiDAR SLAM by demonstrating a novel physical attack that bypasses modern defenses, though it is incremental as it builds on prior spoofing methods.
The paper tackles the vulnerability of LiDAR SLAM to point-cloud corruption by introducing MirrorDrift, an attack using an actuated planar mirror to create ghost points and bias scan matching, resulting in increased pose errors up to 6.03 meters in real-world tests on secure LiDARs.
LiDAR SLAM provides high-accuracy localization but is fragile to point-cloud corruption because scan matching assumes geometric consistency. Prior physical attacks on LiDAR SLAM largely rely on LiDAR spoofing via external signal injection, which requires sensor-specific timing knowledge and is increasingly mitigated by modern defense mechanisms such as timing obfuscation and injection rejection. In this work, we show that specular reflection offers an injection-free alternative and demonstrate an attack, MirrorDrift, that uses an actuated planar mirror to cause ghost points in LiDAR scans and systematically bias scan-matching correspondences. MirrorDrift optimizes mirror placement, alignment, and actuation. In simulation, it increases the average pose error (APE) by 6.1x over random placement, degrading three SLAM systems to 2.29-3.31 m mean APE. In real-world experiments on a modern LiDAR with state-of-the-art interference mitigation, it induces localization errors of up to 6.03 m. To the best of our knowledge, this is the first successful SLAM-targeted attack against production-grade secure LiDARs.