π-Jack: Physical-World Adversarial Attack on Monocular Depth Estimation with Perspective Hijacking

Monocular depth estimation (MDE) plays a crucial role in modern autonomous driving (AD) by facilitating 3-D scene understanding and interaction. While vulnerabilities in deep neural networks (e.g., adversarial perturbations) have been exploited to compromise MDE, existing attacks face challenges in target accessibility and stealthiness. To address these limitations, we introduce pi-Jack, a novel physical-world attack on MDE via perspective hijacking. It is based on an observation that MDE relies heavily on perspective cues to infer depth, yet these cues can be manipulated by strategically placing common 3-D objects in AD scenes. With an optimization-based approach, pi-Jack "hijacks" the perspective information and alters the target pixels' depths perceived by the MDE model in a black-box manner. We also show via experiments that pi-Jack is effective across various MDE models and scenarios, confirming generalizability of perspective hijacking. Our extensive evaluations demonstrate that pi-Jack is effective across different target and attack vectors, and increases the mean depth error by over 14 meters. Moreover, in our end-to-end AD simulation, pi-Jack results in compromised lane change, sudden braking, and life-threatening collisions.