3D printing technology is quickly becoming a pivotal part of many industries. With this exploding technology, a recent article published in the journal JOM highlights how 3D printing can be vulnerable to corporate espionage.
As 3D printers play a larger industrial roll in our society, developing ways to attack and defend 3D prints will be a burgeoning new field of IT security.
In the article they discuss two different ways a 3D print can be weakened. The first is by altering the orientation of the print, the second by altering the g-code to print microscopic flaws into the print itself.
When it comes to attacking a 3D printing operation, there are three main points that a hacker can attack. The digital files, the 3D printers and the prints themselves.
The Digital Files
The most popular file format for 3D prints is .stl (STeroLithography). This file format has it share of problems as any designer can tell you. If you miss a spot anywhere, you will get a manifold error, an your print may come out with weaknesses, or it may not be printable at all.
Another issue is that the file will not tell you the orientation of the part in space. This can mean that a part you design to print for strength in one direction can be printed in an orientation that is far weaker.
Hackers can attack industrial prints using this vulnerability in .stl. They can alter a design and put holes or weaknesses in a design that can cause the prints to fail prematurely, or not even print at all.
Such a attack would be at the least inconvenient; as it would require the 3D printer to go back and fix the file to be printable, wasting time and filament. At worst, suck an attack can be fatal. With major airlines like Airbus using 3D printed parts as major components of their new aircraft, the potential for failure due to a print attack cannot be overlooked. Without a stringent QC process in all parts of the 3D printing process, it can be possible for compromised prints to make their way to the public.
3D printers can be an expensive capital investment, and any downtime can kill the bottom line for a 3D printing firm.
If a malicious hacker wanted to hurt a 3D printing company, attacking the 3D printers in their shop would be a devastating approach.
Just as the Stuxnet virus attacked specific hardware in uranium enrichment faculties, code may be written in the future to attack specific 3D printers and companies.
One attack could go after the extruders in a printer. For FFF type printers this can possibly be done by altering the G-code of the hot end. A hack of this type could cause the hot end to under heat, causing jams and extrusion issues. Or it could shut off the temperature sensor and cause a thermal runaway, melting the extruder and causing a printer fire. If the code randomized the method of attack, it may be possible to confuse the operator with the type of errors present, and delay detection.
Another extruder attack could alter the retraction settings. You could cause the extruder to over extrude and make the print rough, or you can have the extruder retract the filament too far and eject it from the extruder at random times in the middle or near the end of the print. If you have a long print that the filament ejects, you can lose the whole print and days’ worth of time due to this attack.
Other types of printers can have their firmware altered to fall out of calibration, produce bad prints, or physically jam themselves out of operation. With a wide verity of 3D printer designs, specialized attacks can be developed to attack certain brands of popular 3D printers. If the attack stays covert like Stuxnet, it may be months or years before IT discovers the problem with a 3D printer.
The worst attacks on a printer will be any sort that causes it to self destruct. Just like the classic Halt and Catch fire code, it may be possible to write a kill code that will cause a printer electronics to simply melt down.
The last point of attack would go after the prints themselves. In addition to putting micro flaws into the layers, there may be other ways the prints can be compromised.
A print can have its G-Code locked so unsuspecting printers end up printing a piece that is solid instead of hollow. This is an economic attack, as a solid piece would consume massive amounts of time and material. Inversely a print can be designed to be just bailey printable, and fail when it leaves the build plate.
Another attack would be a literal Trojan Horse. You could download one digital file, and have it appear in your slicer as what you want. But a hidden g-code could produce an altered print that is not what you expect. This would be annoying and a waste of filament. It could also be used to hide flaws into the print.
If a hacker was feeling nostalgic, they could revive the classic RickRoll and develop prints that are advertised as one popular print, then turn into a lame joke print.
Another attack could rewrite the firmware in the printer to result in a gibberish print. This Flying Spaghetti Monster attack could cause all your future prints to turn to rubbish at any time.
The attacks I describe here are theoretical at this point; but as 3D printing becomes more ubiquitous, the open source nature of 3D printing may make it vulnerable to such security hacks. It will require vigilance within the 3d printing community to watch for and report such hacks to the world.
DISCLAIMER: Hacking and attacking any part of a 3D printer, the firmware or software is illegal. Interfering with the internal operations of a company or sabotaging products is very illegal. This blog is written as a warning and not instructions on how to commit corporate espionage. Always protect your digital files with strong encryption, and consult with IT for best security practices for your business.