Security

3D printing security risk caused by undetectable defects, and ways to prevent it

3D printing hacks could lead to recalls, lawsuits, property damage, and even put people in danger, researchers find. They present two ways to stave off this security threat.

3dprinteristock38055122hopsalka.jpg
Image: iStock/hopsalka

Already a $4 billion industry, and projected to reach $18 billion by 2020, 3D printing appears to be the next disruptive technology. It's a disruption because 3D printing is replacing manufacturing practices that have been around ever since humankind started using tools.

As to what makes 3D printing different, read this excerpt from 3DPrinting.com:

'The creation of a 3D-printed object is achieved using additive processes. In an additive process, an object is created by laying down successive layers of material until the object is created. Each of these layers can be seen as a thinly sliced horizontal cross-section of the eventual object."

In the early days of 3D printing, it was used to create non-working prototypes. As the technology matured, companies began making actual parts, even critical jet-engine parts that must pass stringent US Federal Aviation Administration (FAA) testing. The GE press release dated April 14, 2015 states, "The compressor inlet temperature sensor housing, known as T25, recently became the first 3D-printed part certified by the FAA to fly inside GE commercial jet engines."

SEE: How GE is using 3D printing to unleash the biggest revolution in large-scale manufacturing in over a century (PDF download)

The potential for harm

Introducing undetectable defects into the printing process of the jet-engine part mentioned above would seemingly have serious consequences. A team of cybersecurity and materials engineers from the NYU Tandon School of Engineering and the University of Texas at Dallas agrees, deciding to find out what the likelihood of that scenario is.

In the team's paper, Manufacturing and Security Challenges in 3D Printing, they report that anytime the building of a part relies on a computer file—in this case, a Computer-Assisted Design (CAD) drawing file—it could lead to flaws in the manufactured product. The team looked, in particular, at printing orientation and insertion of undetectable defects, both of which could lead to product failure and dire consequences.

"These are possible foci for attacks that could have a devastating impact on users of the end product, and economic impact in the form of recalls and lawsuits," says Nikhil Gupta, a materials researcher with the team, in an NYU press release.

SEE: 3D printing: The smart person's guide

Why printing orientation is significant

At first glance, it may not seem so, but printing orientation is ultra-important. From i.materialise: "Because your model will be printed layer by layer, the printing orientation will influence the surface quality and strength." Figure A visualizes how orientation can affect a part's composition.

Figure A

3dprinting2securitykassner080416.jpg
Image: i.materialise

The research team agrees with the people at i.materialise, noting that part orientation while being printed could make as much as a 25% difference in strength. The authors suggest that current CAD files do not necessarily give any orientation instructions, making it easy for nefarious types to alter the printing process.

Ramesh Karri, a team member and cybersecurity expert, believes it is not too far-fetched that attackers could hack into 3D printers that are connected to the internet. "With the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain be aware of the unique challenges presented to avoid significant risk to the reliability of the product," explains Karri. "New cybersecurity methods and tools are required to protect critical parts from such compromise."

Inserting undetectable defects

In their testing, the researchers were able to introduce tiny defects between printed layers. When the finished parts were tested, current quality-control technologies such as ultrasonic imaging and finite element analysis were unable to find the defects. Gupta adds, "With 3D printed components, such as metallic molds made for injection molding used in high temperature and pressure conditions, such defects may eventually cause failure."

In the case of both printing orientation and inserting defects, the researchers feel their results showcase situations where product quality is affected, dangerous situations are possible, and security risks are likely. And, yet another example of where unsolved cybersecurity issues normally only affecting computing equipment, could cause real damage to people and property.

SEE: Your 3D printer is telling people what it's making (CNET)

Ways to make 3D printing more secure

Research team members have mentioned that it may be inconvenient, but disconnecting 3D printers from the internet is probably a good idea, as doing so will prevent printers from being remotely compromised. Lead author Steven Eric Zeltmann suggests that encrypting CAD files eliminates the chance of code alteration.

Note: The research team consisted of Steven Eric Zeltmann, Nikhil Gupta, Nektarios Georgios Tsoutsos, Michail Maniatakos, Jeyavijayan Rajendran, and Ramesh Karri.

Also see

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks