Pritam Dash and Karthik Pattabiraman, Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2025. (Acceptance Rate: 20.1%) [ PDF | Talk ]. Artifacts available, reviewed and reproducible.
Abstract: Physical attacks such as sensor spoofing and tampering are a growing concern for Robotic Autonomous Vehicles (RAV) such as drones and rovers. Studying the impact of these attacks and developing defense techniques is challenging, as it requires sophisticated signal injection hardware. Consequently, prior work in RAV security simulates physical attacks through software by injecting bias into sensors. However, the absence of a standardized method for attack injection compels researchers to use custom approaches. This lack of uniformity leads to challenges in reproducibility and, at times, questionable claims. We present RAVAGE, a tool for injecting realistic physical attacks through software. RAVAGE is easily extensible to multiple autopilot software and RAV types. It also allows users to configure the attack parameters without any code modifications. Further, RAVAGE automates the injection of both overt and stealthy attacks, offering a comprehensive setup for RAV security experiments. We evaluate RAVAGE on three virtual and three real RAVs, targeting six different types of RAV sensors, across a wide range of missions. We find that the attacks injected by RAVAGE resulted in crashes or mission failure in over 75% of the cases while incurring less than 2% performance overhead.