FYI.

This story is over 5 years old.

Tech

Researchers Destroy Drone to Expose Vulnerabilities of 3D Printed Parts

An international group of researchers release a report on the potential for attack on devices using 3D printed parts that are made from hacked design files.
An image from the report illustrates the moment that a drone begins to fall after a faulty propeller breaks.

As the list of life-improving 3D printed products continues to grow, an international group of researchers have found at least one way that 3D printing could result in some distinctly life-worsening products. dr0wned – Cyber-Physical Attack with Additive Manufacturing is a report released by four researchers from three universities that identifies vulnerabilities in current 3D printing practices that could lead to the sabotage of "cyber-physical" systems that use 3D printed parts. In order to illustrate this potential threat, the researchers document the process of gaining access to a computer on which a 3D design file for a drone propellor is stored and modifying the file, resulting in the eventual destruction of a drone.

Advertisement

A diagram from the report illustrates the process of sabotaging a drone.

In the report, researchers Sofia Belikovetsky of Ben-Gurion University of the Negev, Mark Yampolskiy of University of South Alabama, Jinghui Toh of Singapore University of Technology and Design, and Yuval Elovici of Ben-Gurion University of the Negev point out that additive manufacturing, or 3D printing, is increasingly being used to produce functional parts for machines and devices, "including components for safety-critical systems." Their concern is that because 3D printers are computer controlled, the parts that the printers produce could be compromised if the security of the computers or design files are breached. "This paper demonstrates the validity of this concern, as we present the very first full chain of attack involving [3D printing], beginning with a cyber attack aimed at compromising a benign [3D printed] component, continuing with malicious modification of a manufactured object's blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part," the report states.

Professor Yuval Elovici tells Motherboard that the idea for the project came about when looking at previous research that demonstrated how malicious firmware could cause a laser printer to start a fire. "We wondered if similar techniques can be applied to 3D printers thus we analyzed the process of 3D printing and derived many possible attack vectors. From the attack vectors we identified, we decided to demonstrate the one that is most generic and which can be applied to all 3D printers." But, the scope of the sabotage possibilities includes more than just devices like the drone in the report. "This method of sabotage can be applied to any component that is critical to the system where it is placed. For obvious reasons, we chose the aviation industry. Other examples may include sabotaging 3D printed hip implants," says Elovici.

Although destroying a drone just to make a point may seem frivolous, the ultimate goal of the report is to raise awareness about the importance of safeguarding computers containing 3D design files and prevent more serious attacks from occurring in the future. "Our main focus is on developing mitigation techniques that will prevent such attacks from happening and will guarantee to the user the integrity of the printed object," says Elovici.