Scratched Lenses, Shifted Depth: Passive Camera-Side Optical Attacks

23d ago · Global · primary source: export.arxiv.org

A team of researchers has detailed a new class of physical adversarial attack on camera-based vision systems, showing that small scratches on a lens can be weaponized to distort depth perception and mislead 3D object detectors under specific lighting conditions [1]. The attack, termed Scratch-induced Lens Adversarial Streak Hijacking (SLASH), exploits passive, persistent damage on a camera lens or its protective cover. Unlike prior attacks that manipulate the scene with adversarial patches or projections, SLASH relies on the interaction between a fixed scratch pattern and bright light sources or specular reflections in the environment to create structured streak artifacts that corrupt geometric inference [1][2]. The researchers describe the threat as “persistent yet trigger-conditioned,” meaning the optical flaw remains dormant until activated by a specific visual scenario [2]. In their evaluation, the team tested SLASH against monocular depth estimation and monocular 3D object detection models in both simulated and physical environments. Under a fixed-scratch constraint, the attack induced directional depth shifts reaching a 32% relative error in monocular depth estimation tasks [1][2]. The effects also transferred consistently to monocular 3D object detection, with physical experiments confirming that the induced depth errors exceeded the models’ natural prediction baselines [2]. The work, posted on the arXiv preprint server, broadens the known attack surface for vision systems. Traditional physical adversarial research has focused on scene-side manipulations, such as stickers or auxiliary optics placed in front of the camera, which are treated as image-space perturbations [2]. The SLASH method instead models the scratch as a trigger-conditioned optical channel, optimizing a single fixed configuration to operate across diverse viewing conditions [2]. This approach reveals how benign-looking hardware imperfections can function as latent, scene-triggered adversarial mechanisms [1][2]. Modern smartphones, which integrate multiple cameras and depth sensors for tasks ranging from facial authentication to augmented reality, represent a broad deployment surface for such vulnerabilities [3]. The findings challenge prevailing assumptions about the physical robustness of vision pipelines and underscore the need for defenses that account for optical-path imperfections, not just digital or scene-level manipulations [1][2]. The paper is available through arXiv, an open-access repository that hosts over two million e-prints across physics, computer science, and related fields [9].

safety-researchresearch-papercontroversyinfrastructure

Background sources we checked (10)
  • arxiv.org ↗ Physical adversarial attacks on vision systems are typically studied through scene manipulation, such as adversarial patches or projections, where the adversary controls what the camera observes. Camera-side attacks using stickers or auxiliary optics have also been explored, but …
  • en.wikipedia.org ↗ A smartphone is a mobile device that combines the functionality of a traditional mobile phone (feature phone) with advanced computing capabilities. It typically has a touchscreen interface, allowing users to access a wide range of applications and services, such as web browsing, …
  • en.wikipedia.org ↗ This article is about the history of science and technology in modern Japan.…
  • en.wikipedia.org ↗ A number of significant scientific events occurred in 2015. Gene editing based on CRISPR significantly improved. A new human-like species, Homo naledi, was first described. Gravitational waves were observed for the first time (announced publicly in 2016), and dwarf planets Pluto …
  • info.arxiv.org ↗ arXiv Labs - arXiv info | arXiv e-print repository Skip to content # arXiv Labs Attention arXiv Users: arXiv Labs is pausing new proposals ## What are arXiv Labs? arXiv Labs are a way for the community to contribute new, useful features to arXiv. These integrations are avail…
  • blog.arxiv.org ↗ arXivLabs: a space for community innovation – arXiv blog arXiv has launched a new, formalized framework enabling innovative collaborations with individuals and organizations. “Members of our community want to contribute tools that enhance the arXiv experience, and we val…
  • info.arxiv.org ↗ arXivLabs: Showcase - arXiv info | arXiv e-print repository ... # arXivLabs: Showcase ... arXiv is surrounded by a community of researchers and developers working at the cutting edge of information science and technology. ... While the arXiv team is focused on our core mission—pr…
  • en.wikipedia.org ↗ arXiv (pronounced as "archive"—the X represents the Greek letter chi ⟨χ⟩) is an open-access repository of electronic preprints and postprints (known as e-prints) approved for posting after moderation, but not peer reviewed. It consists of scientific papers in the fields of mathem…
  • en.wikipedia.org ↗ 14 (fourteen) is the natural number following 13 and preceding 15.…
  • en.wikipedia.org ↗ A large language model (LLM) is a type of machine learning model designed for natural language processing tasks such as language generation. LLMs are language models with many parameters, and are trained with self-supervised learning on a vast amount of text.…

Sources

Spot something wrong? Report an issue