Security analysts interviewed for an August 2016 TechRepublic article warned about the likelihood of 3D-printing devices being compromised to a point where undetectable and dangerous defects could be introduced in the 3D-printing (or additive manufacturing) process.
Fast forward to August 2017, and experts are raising the alarm with even more urgency. They are concerned that cyberattacks directed at 3D printers could threaten our health and safety. “3D-printed objects and parts are used in critical infrastructures around the world, and cyberattacks may cause failures in health care, transportation, robotics, aviation, and space,” writes Todd B. Bates in this Rutgers University-New Brunswick press release.
Saman Aliari Zonouz and Mehdi Javanmard, professors in the department of electrical and computer engineering at Rutgers, coauthored the peer-reviewed paper See No Evil, Hear No Evil, Feel No Evil, Print No Evil? Malicious Fill Pattern Detection in Additive Manufacturing (PDF). The paper’s introduction states, “Safety-critical products, such as medical prostheses and parts for aerospace and automotive industries are being printed by additive manufacturing methods with no standard means of verification.”
SEE: How to build a successful career in cybersecurity (free PDF) (TechRepublic)
Out of sight, out of mind
As more companies see the benefit of 3D printing, they are running the numbers to see what is the best option–in-house or outsource. Equipment costs and less than appealing ROIs have many companies contracting with outside 3D-printing houses to have their parts made. However, being “out of sight, out of mind,” does not eliminate the potential for problems.
“Imagine outsourcing the manufacturing of an object to a 3D-printing facility, and you have no access to their printers and no way of verifying whether small defects, invisible to the naked eye, have been inserted into your object,” said Javanmard. “The results could be devastating, and you would have no way of tracing where the problem came from.”
SEE: Research: 3D Printing 2017: Benefits, trends, enterprise applications (Tech Pro Research)
Design file verification
As to what needs to be verified, the researchers explain in their paper that attackers–once access is gained to the network containing the 3D printers and controlling computers–can alter design files, including object specifications, manufacturing parameters, and/or source materials used by the 3D printer.
Since parts are likely to be designed in-house, the contracted 3D printing firms will not know if the design files have been tampered with digitally. The researchers from Rutgers and Georgia Institute of Technology advise that companies outsourcing 3D-printed components initiate a process to ensure that in-house digital files are correct (verify design specifications, manufacturing parameters, and materials), the 3D-printing house has received unadulterated copies and places a high priority on their security.
3D-printed part verification
Besides design files, verifying the physical object is essential due to the possibility of hacking the 3D printer’s firmware with the intent to introduce changes that will cause part failure. Put simply, this is where the real problem lies, as both Zonouz and Javanmard submit small alterations introduced by attackers, largely undetectable, are all that is required to increase the chance of part failure.
SEE: 2017 IT Security & Ethical Hacking Certification Training (TechRepublic Academy)
The researchers have come up with several ways to verify whether a part has been made correctly or using a 3D printer with compromised firmware or a hacked computer controller (Figure A).
Acoustic verification uses audio classification technology to determine whether a production 3D printing matches a known correct 3D printing of the object.
Spatial verification (Gyroscopic Replication) provides a visualization of the 3D printing in real time along with data for frequency analysis of the 3D-printing process. In their paper, the researchers write, “The goal in setting up a spatial sensing verification scheme is to physically monitor the position of the printing nozzle with respect to the printing base, in order to observe their actual positions throughout the printing process.”
Materials verification (Spectroscopic) determines whether the correct materials were used and whether indicator patterns appear in the proper locations. The researchers figured out how to embed contrast material that will act as signature markers for 3D printings without compromising the structural integrity of the original model. “Tiny gold nanoparticles are injected into the filament and sent with the 3D print design to the printing facility,” explains Bates in the press release. “Once the object is printed and shipped back, high-tech scanning reveals whether the nanoparticles–a few microns in diameter–have shifted in the object or have holes or other defects.”
The possibility of 3D printing hacks
It is not difficult to intuit situations where compromising 3D printing would be possible, or even likely–remember Stuxnet and its use as a digital weapon against physical devices. Zonouz tells Bates that the team’s next step is to investigate other possible ways to attack 3D printers and propose defenses. Zonouz adds, “You’ll see more types of attacks as well as proposed defenses in the 3D-printing industry within about five years.”
Note: Participants in the study include Christian Bayens and Raheem Beyah from Georgia Institute of Technology, along with Tuan Le, Luis Garcia, Mehdi Javanmard, and Saman Zonouz from Rutgers University.