Researchers Crash a Drone to Prove a Point: Don’t Underestimate 3D Printer Security Threats
Is nothing safe anymore? One could argue that nothing ever has been, really, but it’s a disturbing reality that in today’s technological world, in which almost everything is linked in some way to the Internet, security is continually being threatened in new ways. When 3D printing was in its early days, it’s likely no one ever imagined it could be a security threat, but the technology has definitely turned out to have a nefarious side – and I’m not just talking about 3D printed guns or copied keys.
Experts have warned that cybersecurity issues should not be underestimated when it comes to 3D printers, which, like anything else with a web connection, are potentially vulnerable to hacking. We may not hear about hacked 3D printers very often, but the potential is there, and researchers have been spending a lot of time trying to anticipate the worst. While on the surface, cyberattacks on 3D printers may seem like a relatively minor threat, with the most dire consequences being stolen intellectual property, the issue becomes a lot more serious when you start thinking about what 3D printers are creating nowadays. Airplane parts, rocket engines, even medical devices – if these things can be tampered with remotely, it’s not good, to say the least.
A team of professors from the University of South Alabama, Ben-Gurion University of the Negev, and Singapore University of Technology and Design recently carried out an experimental cyberattack on a partially 3D printed drone to demonstrate the damage that 3D printer hackers could potentially cause. The team orchestrated a phishing attack on the computer containing the files for a DJI drone. Once they accessed the computer, they downloaded the 3D file for a replacement rotor blade and added hollow cavities in the interior of the blade, weakening it in a way that wouldn’t be detectable by visual inspection.
According to Ben-Gurion University professor Yuval Elovici, the team deliberately engineered the design flaws so that they wouldn’t cause the propeller to fail right away, giving the drone enough time to get high into the air before breaking for maximum damage when it hit the ground. Once they printed the blade and attached it to the drone, they carried out a flight test, which went exactly as they had intended it to go; the drone flew normally for a few minutes before the sabotaged propeller blade flew off and sent the $1,000 drone crashing to the ground.
Full details of the research project were documented in a paper entitled “dr0wned – Cyber-Physical Attack with Additive Manufacturing,” co-authored by Elovici, Sofia Belikovetsky, Mark Yampolskiy, and Jinghui Toh. The researchers put together a video detailing their process and the intentionally failed flight, linked in the paper:
“Initially we focused on checking whether the 3D-printer can be hacked,” said Elovici. “Quickly, we realized that such an attack cannot scale due to the huge variety of 3D printers, and thus we decided to focus on how attackers may intervene in a generic way in the process between design and production.”
The paper breaks down multiple scenarios for how 3D printed parts could be compromised, and the large number of feasible methods is unsettling. Although a widespread cyberattack on multiple 3D printers is unlikely, Elovici said, plenty of damage can still be done by manipulating one single part.
“Imagine that an adversary can sabotage functional parts employed in an airplane’s jet engines,” he said. “Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country’s national security.”
While the research team’s attack was targeted at a private personal computer, they warned that a similar attack could be carried out on an industrial or corporate computer system, which has the potential to cause a lot more problems. It’s a grim realization, but the intent of the study wasn’t to scare people but rather impress upon them the need for strict security measures in additive manufacturing facilities.
“…[B]efore printing an object, there is a need to check that the file was not modified and there are many cryptographic means that can be used in order to achieve this goal,” Elovici said. “The research community is currently engaged in developing innovative methods that involve innovative data verification techniques that verify that what is printed is exactly [the] content of the original design.”
Discuss in the Drone Sabotage forum at 3DPB.com.[Sources: dr0wned – Cyber-Physical Attack with Additive Manufacturing; EurekAlert; TechRepublic]
You May Also Like
Additive Manufacturing and 3D Printing in 2019
Additive manufacturing is changing the world. Another term for 3D printing, additive manufacturing differs from other forms of manufacturing in that, rather than removing material like machining, it adds material...
Tunisia: Researchers 3D Print Optimized Car Leaf Spring out of Carbon PEEK
Authors Amir Kessentini, Gulam Mohammed Sayeed Ahmed, and Jamel Madiouli have performed research and analysis after 3D printing a car part, with their findings outlined and recently published in ‘Design...
PEEK, PEKK and ULTEM May Just be the 3D Printing Thermoplastics You Need in Your Life
There was definitely life before plastics, but today we can’t imagine living without them. Before they were even invented (the first synthetic polymer was developed in 1869 by John Wesley...
Roboze Argo 500 Sets the Standard for the Production of Large Scale Finished Components with High Temperature and Composite Polymers
Bari, Italy With its new Argo 500, Roboze aims to become the leader in the large-scale 3D printing industry with high performance plastics. The Argo 500 is the result of constant...
View our broad assortment of in house and third party products.