Hearing the Loss of IP while 3D-Printing
3D printing and the internet has turned the idea of Intellectual Property (IP) on its head. For many people, the .stl files are seen as open source and free game to anyone who wants to 3D print them, even if there is copyright restrictions. In this generation that grew up file sharing on Napster, “sharing” 3D printing files is not a novel concept.
As more companies use 3D printing for proprietary designs, industrial espionage is turning its steady eyes to new ways to steal IP.
A team of researchers from the University of California, Irvine have discovered a new way to steal your design based on the sound of your 3D printer.
The team is led by Mohammad Al Faruque, director of UCI’s Advanced Integrated Cyber-Physical Systems Lab. The team found that if you leave a smart phone next to a 3D printer, it can record the sounds and vibrations of the nozzle. These sounds can then be reverse engineered to replicate the g-code for an object.
Al Faruque’s team achieved nearly 90% accuracy using the sound copying process to duplicate a key-shaped object in the lab. They will present their results at April’s International Conference on Cyber-Physical Systems in Vienna.
90 % in the beginning stage is amazing for this technology, so in the future there will be an audio to 3D printing file converter available on the dark net.
How to Steal 3D Printing IP
Using the sound of a printer is not perfect (YET), but it will not be the only way to steal the g-code of 3D prints in the future.
DISCLAIMER: Stealing IP is illegal, amoral, unethical and bad karma. So is corporate espionage. This information is provided in order to protect yourself from IP theft. Consult your IT department to see how they are preventing these forms of IP theft. Consult with your legal counsel BEFORE you do anything that can haunt you in the future. Lawyers are expensive, jail is worse. 3D-PT and its affiliates are NOT responsible for your bad choices.
- Theft of open-source files for profit: Just3DPrint and their sale of CC protected prints on ebay is the ugly tip of a very large iceberg. If you look through etsy, ebay, Amazon, or any major e-commerce site, you will find people 3D printing files they do not have the right to print. Likewise customers and 3D printers on services like 3DHubs are possibly guilty of producing Creative Commons (CC) controlled prints.
Whether it’s by omission or intentional, 3D printers will experience this form of IP theft.
- Data breaches: This will be more common with large companies that use offsite server farms to hold their IP. With countries like China actively probing the world-wide web for weaknesses, and black hats looking for a quick buck, the g-code for IP will be a prized target.
- SD cards / USB drives: There small, easy to use and easy to hide. For a corporate spy embedded in a business, these are a good way to smuggle out information. With many 3D printers using SD cards as a convenient way to store g-code, it will be easy for a spy to make a duplicate copy of IP.
- Smart Phones / tablets: In addition to listening to a print, they can store IP directly on them. With some 3D printers like Makerbots capable of connecting directly to a smart device, all it takes is one tapped connection to access IP stored on a smart device. It can also be possible for someone to pull the files off the 3D printer using the wireless connections that some 3D printers offer.
- Cloud Storage: Putting valuable IP in the cloud is an invitation to theft. Not only is it open to people with direct access, there are many holes in cloud storage that makes it accessible to unauthorized remote access.
- Scan from or object or picture: With the recent scandal about scanning and publishing the Bust of Nefertiti, future IP theft is bound to happen. As 3D scanners become more portable and more accurate, they can be used to generate their own g-code from the object. Likewise, anyone can take multiple pictures of IP and develop the g-code for a file.
- Employee poaching: With the demand for 3D modelers and engineers skilled in CAD, they will be open to employee poaching. They can take the valuable IP of one company and get a signing bonus for jumping ship with it.
- Dumpster Diving: 3D printing is an art that no one gets right all the time. Misprints, bad prints and prints that failed after 12 hours are all puzzle pieces to the finished IP. If something is worth reverse engineering, it would be easy to do from the failed prints.
How To Protect your IP
- Don’t publish online: Once the IP reaches the internet, there is little you can do to control the spread. While open source has its purposes, do not share IP on file sharing sites unless you are prepared to see them leave your control.
- No Cell Phone Zones: Condense your IP into secure areas. For 3D printing areas, provide an outside locker to secure all (yes, including employees) cell phones. Also consider a signal jammer (In the USA, the FCC frowns upon signal jammers. Consult your legal counsel before purchasing).
- Digital Storage: Store IP in-house on dedicated servers that are isolated from the internet. Also consider carefully how you will transfer information to the 3D printers. If you use physical media, develop a system so anyone can see approved devices at work.
- Protect IP from photos and scans: This will be a new field in security as the technology to 3D scan becomes more common. Add reflective tape or strips of LED’s to your physical device to interfere with cell phone photos. To prevent 3D scanning, put post, blocks, mirrors, or other objects close to the protected IP to interfere with the scan. Also control the viewing area that a scanner can use to access the IP. If the scanner can’t scan the full 360 degrees of the object, then the scan becomes worthless.
- Employ counter measures: To block anyone from listening to your 3D printers you can do the following.
- Put them inside a sound insulating case. This will help with climate control and ventilation, as well as IP protection.
- Use ventilation fans and white noise generators to mask the sound of your printer.
- Make your 3D printing area a No Cell Phone zone.
- Add various upgrades and devices to your printer so no two printers sound the same as a type of audio encryption.
- It is possible to make music with a 3D printer. If someone is listening, you can use it as a copyright trap. Add your own music sequence to your g-code, that way anyone who produces your object will be caught in a copyright trap.
6. Recycle your misprints in-house: Not only is it economical to recycle filament, you can destroy misprints to prevent them from going out to a dumpster diver.
IP protection will be an ongoing battle as 3D printers become mainstream. It will take vigilance, internal security and paranoia for companies to protect valuable IP.
UPDATE 3/9/16: Just3DPrint’s ebay page is empty, with ebay’s VeRo program dealing with the backlog of take-down request from the thousands of people they have ripped off. In a show of how juvenile Just3DPrint is, they have taken a page from Donald Trumps playbook and threatened to sue the blog site All3DP, which helped break the story.
Thingiverse and MyMiniFactory have also responded. MiMiniFactory now offers a service that puts your copyright and a short URL as a watermark into the file.