Hacking 3D printing of parts to sabotage the work of the future device


    The propeller of the copter with the changes that lead to the destruction of the part during its operation

    In 2016, the IoT-sphere continues to actively develop. Now literally everything can be connected to the Web, from refrigerators to 3D printers and pacemakers. Not all connected systems are equipped with reliable protection, so hacking most devices is a matter of time. You can literally hack everything.

    Moreover, hacking gradually becomes not only a threat to virtual systems, with the help of cyber attacks, you can destroy quite real physical objects. It is, in particular, about power plants or other industrial facilities. Burglars, in addition, have learned to manage robots or “digital assistants” in Tesla electric cars. The other day there was information about another type of hacking: attackers can influence the printing process on a 3D printer in order to start the production of defective components.

    Cybersecurity experts from the David Ben-Gurion University in the Negev, with the assistance of specialists from the University of South Alabama and the University of Singapore technology and design, developed a method of cracking 3D printers that allows you to remotely edit the printed parts or influence the printing process directly during the printer. Edits are almost imperceptible, but they subsequently lead to the destruction of the part itself already in the process of its operation.

    The study was named “dr0wned - Cyber-Physical Attack with Additive Manufacturing”. This paper describes the process of hacking a PC with a 3D printer connected to it. During the attack, the specialists got access to the model files of the details of the propeller of the drone, which were then printed on a 3D printer. And after only two minutes of flight, the quadrocopter fell to the ground from a great height as a result of the planned destruction of the propeller blades.

    In the experiment, the fall occurred at the moment the dron reached its maximum height. In the fall, the device received significant damage. In particular, one of the motors was damaged, the camera was completely destroyed, the drone case cracked.


    To gain access to a computer with a connected 3D printer, the authors of the work used a vulnerability in WinRAR that allows you to hide the name and extension of the compressed file. The developers created a malicious executable using the Metassploit framework. The malicious file was masked as a regular PDF document. The victim received an e-mail message, opened the archive and launched the “document”. After launching the file, Israeli specialists received full access to the victim’s computer.

    On the computer were found .STL-files, which are ready-made models of propellers copter. One of the copter propeller model files has been modified to make the part more vulnerable to physical impacts. The experiment used the SolidWork software package. After modification, the modified file was saved on the victim's computer instead of the propeller model file with normal characteristics.

    During the field tests, the researchers found out that the propellers can withstand the flight of the copter for several minutes. As the load increases, the modified propeller breaks, which leads to a drone crash.

    This problem is more important than it might seem. The fact is that now 3D printing is increasingly being used in industry. With the help of such systems in factories and factories produce parts of the body of cars and airplanes. For the time being, there are few such productions, but over time they will become more. And industrial sabotage can be much more high-tech than it is now. Moreover, in this case, sabotage does not manifest itself immediately, the consequences of the attack are postponed in time.


    Copter with three normal propellers and one defective

    Specialists from the David Ben-Gurion University in the Negev demonstrated for the first time an “indirect multi-stage cyber-physical attack”. With its help, the authors of the work were able to change the size and position of the printed parts. According to these specialists, the attack may consist either in changing the specifications of the parts, that is, editing the files, or directly changing the production process itself on the fly. Even minor changes can lead to important consequences. Changes in thickness, length, width of parts can be critical in many cases.


    The picture shows a propeller copter, modified during a cyber attack

    The project participants stated that despite the fact that all the work is experimental in nature and during the attack a private 3D printer was hacked, similar attacks can be made on industrial systems that create parts for critical systems in production. “In order to protect society and national interests, it is necessary to find a solution to this problem and implement it, which will increase the sustainability of 3D printing systems to hacking and outside interference,” the developers said.

    Also popular now: