Vulnerabilities in 3D printing could be exploited for Cyber-Physical attacks and Cyber Warfare

Rajesh Uppal February 8, 2019 Cyber, Manufacturing Comments Off on Vulnerabilities in 3D printing could be exploited for Cyber-Physical attacks and Cyber Warfare 553 Views

3D printing or additive manufacturing is ongoing revolution in manufacturing with its potential to fabricate any complex object and is being utilized from aerospace components to human organs, textiles, metals, buildings and even food. Additive manufacturing, is defined by ASTM International as the process of joining materials together, layer by layer, based on three-dimensional model data.

3D printing can make military equipment faster accelerating product development and with less cost than other processes. It increases design possibilities, enhances the speed of innovation, and offers an alternative for creating shapes closer to what an engineer might need, with fewer constraints. 3D printing is revolutionizing defence by printing small components to full drones on naval vessels, replacement parts for fighter aircrafts to printing ammunition.

Substantial improvements have been made in 3D printing with the fabrication of 3D objects from metals, ceramics, plastics, and even multi-material capabilities. The first gun was printed back in 2013 (Walther, 2015; Greenberg, 2013); by May 2017, researchers at the U.S. Army Armament Research, Development, and Engineering Center had successfully designed, printed, and fired a grenade launcher (Hodgkins, 2017).

However, the proliferation of 3D printers means that anyone with 3D designs could be able to manufacture sophisticated weapons. Criminals and terrorists could now make their own undetectable firearms in private, using weapon’s blueprints online or hacking them.

China is alleged to be carrying out widespread efforts to acquire U.S. military technology and classified information and the trade secrets of U.S. companies. The Chinese government is accused of stealing trade secrets and technology, often from companies in the United States, to help support its long-term military and commercial development. China has been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities and a network of scientific, academic and business contacts. The proliferation of 3D printers and 3D designs would provide new opportunity to China to steal designs and then reverse engineer the technology or to make rapid countermeasures to it.

Cyber-Physical Attack with Additive Manufacturing

As part of the research, titled “dr0wned – Cyber-Physical Attack with Additive Manufacturing”, the researchers phished their way into a computer that was connected to a 3D printer, found the blueprints for a drone propeller that was to be printed, and sabotaged the design. The result? The quadcopter-style drone endured a catastrophic crash just two minutes into flight thanks to a faulty propeller.

“This paper demonstrates the validity of this concern,” the researchers wrote, “as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object’s blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part.”

The researchers conclude that even though their attack was experimental and only breached a private person’s desktop 3D printer, similar attacks are possible on industrial systems that print metal parts for safety-critical systems. “In order to protect public safety and national security, solutions should be found and implemented that will increase both robustness and resilience of AM to sabotage attacks,” the researchers said.

Vulnerabilities of 3D printing

Cybersecurity vulnerabilities exist in 3D printing throughout the product lifecycle, fom design, manufacturing, to distribution.

Design stage

First of all, it is not hard to imagine that stealing design is made a lot simpler when the entire product is digitally manufactured. There is no need for reverse engineering no matter how complex the product is. In fact, there is evidence that some design can be copied simply based on the vibration of a 3D printer at work. Second, tampering critical component of a design via cyber attack is now possible.

Manufacturing stage

Recently NYU researchers have shown that not all defects can be detected using current quality control techniques. Intentional or unintentional design data corruption may result in such defects bypassing conventional quality control that can pose serious health risks. The same group of researchers also shown that simply changing the orientation of extrusion head will result in a structure with entirely different mechanical properties.

Decentralized manufacturing and distribution

One of the major benefits of digital manufacturing is that the same digital blueprints can be transmitted via the internet/cloud into any 3D printer located anywhere in the world. Such decentralized manufacturing ability allows for an entirely different supply chain, including solving the transportation problem, cost saving due to efficient inventory and storage. However, every step along the chain will put the device manufacturer at risk of losing proprietary design to defective end products.

The two primary threat vectors are via network connectivity and nonvolatile storage media. When devices are not protected by applicable security controls, network connectivity and information stored within nonvolatile storage media may be used to compromise organizational information or disrupt the device.

Cyber Risks

AM’s reliance on digital data files—and connectivity to transmit them—has numerous benefits for supply chain optimization. But it also means that once a file is stolen, hackers have access to the entire file in all of its intricacy, rather than simply to a physical object manufactured via conventional means that requires reverse engineering to create unauthorized or pirated copies.

Whereas with conventional manufacturing, those looking to steal or copy a design would still need the means to produce it—knocking out the majority of would-be thieves—with AM, possession of the design file and a printer can make it far easier to produce the stolen object. This can pose risks related not only to health and safety but also to brand and liability should the devices fail or cause injury.

Further, with access to a full design file, hackers could conceivably build in failure points in critical components without the designers’ knowledge, which would then be included in any object printed from that file. For example, the ACAD/Medre.A worm steals CAD files; another example, CryptoLocker Malware, infects a file and locks it, rendering it inaccessible to the user until she pays a ransom to unencrypt it. In other cases, toolpath files can be altered to impact placement of materials or layers during the build process, making a product unstable.

A report was developed by the National Institute of Standards and Technology – NIST, which is part of the Department of Commerce – to warn contractors of the various vulnerable and exploitable points in the way 3D printing is used by various companies.

According to the report, hackers can exploit unprotected 3D printers in a variety of ways. Some of the dangers listed are:

Denial of service (DoS): to make printing services unavailable.
Spams may waste materials while also result in denial of service for legitimate users.
Exploiting default administration/configuration passwords to control the device locally or remotely via a web interface.
Intercepting / Alteration / Corruption of unencrypted data and information.
Vulnerabilities of commercial embedded operating system.

Hackers can exploit 3D printing technology by stealing or altering information designs, rendering your printers unusable, or corrupting your settings to make devices overheat or even explode. In 2013, Powderpart Inc. saw an explosion within their printing facility which caused 3rd degree burns to an employee. “The fire and explosion hazards when working with titanium and aluminum are established, particularly when the materials are in powder form,” said Jeffrey Erskine, Occupational Safety and Health Administration’s area director for Middlesex and Essex counties in Mass. “Just as it’s easier to start a campfire with kindling than with logs, it’s easier for a metal fire to start when you’re working with metal powder that is as fine as confectioner’s sugar.

And of course, there is the theoretical possibility that 3D printing designs are altered with malicious intent as a method to sabotage constructions, weapons or defense systems.