Can the Sound of a 3D Printer Be a Security Threat? Researchers at the University of California Think So

Most people I know have been victims of a computer virus at one time or another. I certainly have, more than once, and it’s always incredibly stressful. Not only have these viruses caused my computer to go haywire, but there’s always the fear that whatever has infiltrated my system is accessing all of my personal information. It’s terrifying to think about how sophisticated computer hackers have become. Even when you create what websites consider to be “strong” passwords – i.e. absolute gibberish made up of numbers, letters and symbols all scrambled together so that you forget them before you can even write them down – hackers can still occasionally find a way in. I know plenty of people who have had their credit card information stolen, and they’ve never been able to figure out exactly how it happened. It’s a scary world out there on the Internet.

I have to admit, though, that part of me is actually somewhat impressed with the sophistication of cyber-thieves. Impressed, and apprehensive, especially when I think about the potential effects a major cyberattack could have on national security, but people are coming up with ways to steal information that I never thought would be possible. Some of them never even would have occurred to me, and probably not to most people, but the ingenuity of hackers seems to know no limits.

We’ve written a lot about intellectual property issues in 3D printing. The laws and even definitions regarding intellectual property theft are still woefully nebulous in this industry, and it’s incredibly easy to steal other people’s designs and market them as your own when they’re made available online. But researchers at the University of California, Irvine have discovered that a sophisticated thief doesn’t even need to wait for files to be put online – it’s possible to steal information directly from a 3D printer just by recording the sounds it makes.

The research team, led by Mohammad Al Faruque, an electrical engineer, computer scientist and director of UCI’s Advanced Integrated Cyber-Physical Systems Lab, discovered – almost by accident – that it is possible for an ordinary smartphone to record the very precise sounds made by a 3D printer during operation. While this may seem innocuous and even pointless, unless you’re trying to create a very avant-garde musical composition, those sounds carry very specific information about the printer’s movements. By analyzing the recording, a would-be hacker can actually reverse engineer the object being printed and then recreate it somewhere else.

“My group basically stumbled upon this finding last summer as we were doing work to try to understand the relationship between information and energy flows,” said Al Faruque. “According to the fundamental laws of physics, energy is not consumed; it’s converted from one form to another – electromagnetic to kinetic, for example. Some forms of energy are translated in meaningful and useful ways; others become emissions, which may unintentionally disclose secret information.”

The team tested the theory in the lab, and found that they were able to reproduce a key-shaped object with nearly 90% accuracy simply by recording and analyzing the sounds the printer made when producing the original. They will be presenting their findings at this year’s International Conference on Cyber-Physical Systems, which will be taking place in Vienna from April 11-14. Already, Al Faruque says, their research has been attracting attention from other departments at UCI as well as several United States government agencies who recognize the potential for serious security breaches, particularly in manufacturing environments.

“In many manufacturing plants, people who work on a shift basis don’t get monitored for their smartphones, for example,” Al Faruque said. “If process and product information is stolen during the prototyping phases, companies stand to incur large financial losses. There’s no way to protect these systems from such an attack today, but possibly there will be in the future.”

Generally, 3D printers can be well-protected from cyberattacks by encrypting the G-code in the source files, which is why there haven’t been many issues of thievery directly from printers thus far. If we’ve learned anything in this computer age, however, it’s that hackers and thieves will find a way to steal information, however implausible the methods sound. While this new development may sound, at worst, like a headache and potential lawsuits for corporations, it may eventually lead to more serious threats – particularly as 3D printing begins to meld with smart technology.

“President Obama has spoken about returning manufacturing to the United States, and I think 3-D printing will play a major role because of the creation of highly intellectual objects, in many cases in our homes,” Al Faruque said.

Part of me wonders if the release of this study might actually lead to more incidences of this type of theft; after all, how many people would ever even have thought of stealing information from 3D printer sounds before this? One thing you never want to do is give cyberthieves new ideas, but making companies and government agencies aware of potential threats is the most effective way to prevent them before they can take hold. Al Faruque has several ideas already, including white noise devices or other technology to jam acoustic signals coming from 3D printers. The simplest solution, of course, is to prevent people from carrying smartphones in additive manufacturing environments while sensitive items are being printed, but, as I’ve seen at every company I’ve ever worked for, outlawing smartphones is always easier said than done.

This is an interesting new development in the murky mess of intellectual property and security concerns that has arisen from the growth of 3D printing. It’s possible that nothing will come of it; it’s also possible that this may be a significant problem in the future. Regardless, we’ll be keeping a close eye on it. You can see a brief presentation of UCI’s research below. What do you think of this new process? Discuss in the 3D Printing Reverse Engineering forum over at 3DPB.com.

Source: UCI