Sep 7, 2016 | By Nick
The University of Buffalo has hacked a 3D printer with a smartphone to highlight the potential for Intellectual Property theft from a company’s own hardware.
3D printing has the potential to change the world and disrupt the whole manufacturing process, which we all agree is generally a good thing. It will render tooling and production lines, the very essence of mass production, completely redundant. It will give us on-demand manufacturing, slash transport costs and open up a world of possibilities with material science.
There are so many positives that we sometimes forget about the inherent dangers, but they are definitely there. If we only need the 3D model to produce a copy of a company’s products, then there will be a real incentive to hack into the system.
Wenyao Xu PhD, an assistant professor at the University of Buffalo’s Department of Computer Science and Engineering, spends an inordinate amount of time trying to hack into the 3D printing ecosystem and has now found a way to hack the 3D printer without leaving a trace with a simple smartphone.
Wenyao Xu, PhD, assistant professor in UB’s Department of Computer Science and Engineering
“Many companies are betting on 3-D printing to revolutionize their businesses, but there are still security unknowns associated with these machines that leave intellectual property vulnerable,” he said.
Most companies have some form of protection in place, with encryption, watermarks and simple alarm systems both foiling and flagging up brute force attacks. But Xu has shown that you don’t need to break in to the system at all to steal the information.
The researchers reprogrammed a smartphone to measure the acoustic and electromagnetic waves that the 3D printer emits during the production process. With a relatively simple software program, they reverse-engineered the location of the print nozzle at any one time and mapped whole products.
Now the process isn’t perfect. Even when the smartphone was just 20cm away from the 3D printer, which could arouse suspicions in the workplace, the team could only reproduce a simple doorstop with 94% accuracy. That number slipped to approximately 90% for complex medical and automotive parts.
The smartphone’s feedback also became increasingly unreliable as the distance to the 3D printer increased. When the team placed the phone 30cm away, then the accuracy rate dropped to 87cm. At 40cm, that figure dropped to 66%.
An employee in a position of trust could easily achieve gain this level of access and that leaves the door open for industrial espionage. “The tests show that smartphones are quite capable of retrieving enough data to put sensitive information at risk,” said Kui Ren PhD, co-author of the study and a professor in UB’s Department of Computer Science and Engineering.
The answer may be obvious: ban smartphones from sensitive areas. With so many employees reliant on intranet access, though, and the increasingly common Bring Your Own Device policies, it may be impractical. Who would think twice about a phone charging on a desk in the modern age?
As most of the information for the ‘hack’ came from the electromagnetic waves and distance was such a critical factor in the experiment, companies with mission critical prints may opt to seal off their 3D printers. If the 3D printers are kept at a safe distance and behind electromagnetic and acoustic shields, then this attack is simply impossible.
Increasing print speeds could also foil this form of industrial espionage on their own, as eventually the signals from the 3D printer will overlap and a smartphone simply won’t be able to receive a clear signal that accurately reflects the position of the printer head.
Software-based solutions could also vary the print speed and companies could even create their own electromagnetic and acoustic interference patterns to effectively encrypt the 3D printer’s signals.
There are a number of options to protect against this one, specific attack. But if the University of Buffalo found a simple way to hack a 3D printer without actually hacking it, then there are almost certainly entry points we just haven’t considered. Determined Intellectual Property thieves will make it their business to find them and we are sure that the IT security industry is set for a revolution of its own to meet the challenges that additive manufacturing will present.
We’re clearly going to have to reassess security as 3D printing becomes an integral part of the manufacturing process. Companies that invest vast amounts on R&D simply cannot allow cybercriminals to access their 3D models and steal their intellectual property, as if they have the design then they have everything.
Xu’s team will present their research at the 23rd annual Conference on Computer and Communications Security, organized by the Association for Computing Machinery, in Austria next month and the lecture comes with the ominous title: “My Smartphone Knows What You Print: Exploring Smartphone-based Side-Channel Attacks Against 3D Printers.”
It should certainly get the industry thinking about the vulnerabilities in every 3D printing system. Now we need to figure out how to patch them.
Posted in 3D Printer
Maybe you also like:
- VormVrij's LUTUM clay 3D printers upgraded for superior resolution and food 3D printing options
- Japan seeks to make custom manufacturing as cheap as mass production with new industrial 3D printer
- Chinese students launch crowdfunding campaign for $165 VAY ceramic 3D printing kit
- $499 M3D Pro 3D printer smashes $100,000 goal just hours after Kickstarter launch
- Daniel de Bruin's analog 3D printer uses gravity and weights to 3D print beautiful objects
- NASA-commissioned 3D food printer will now create on-demand pizzas at concerts and sporting events
- WASP advances work on 3D printed eco village with the massive BigDelta 3D printer
- North Korea unveils a new 3D printer that can make bones for surgery and dentistry
- Deltabots releases new PotterBot V4.5 ceramic 3D printer with 5,500 ml extruder
- Ion Core scales up smart 3D printing with huge industrial-grade Zinter Pro II 3D printer
I think that they wanted more than just a view of what the output would be. Rather, they were seeking to obtain a re-creation of the G-code used to generate the part. My guess is that they could listen to the hum or electromagnetic field from the movement of the stepper motors, and deduce the sequence of steps.
This is just silly wrote at 9/8/2016 1:58:21 AM:
If your 20cm away from the printer, you could just video the print!