Then suddenly, two minutes into the flight, one of those propeller blades disintegrates.
The machine tries to compensate, but the damage is too great. Seconds later, it’s plummeting to earth. It’s been hacked.
But this hack didn’t happen during the flight. It didn’t involve the drone’s software or communication. This hack took aim at the manufacturing process, introducing defects into the drone’s 3D-printed parts.
Researchers in Israel demonstrated the process as part of an experiment. They used a phishing scam to gain access to design files, and replaced them with their own versions featuring tiny defects – undetectable to the naked eye – that would cause the blade to fail.
3D printing offers a host of advantages for manufacturers, but there are risks too. It’s not just the threat of sabotage and hacking – by creating digital versions of their designs, firms also risk them being stolen and replicated by others, especially as a lot of 3D printing is outsourced to ‘additive manufacturing bureaus’.
“Imagine outsourcing the manufacturing of an object to a 3D printing facility and you have no access to their printers and no way of verifying whether small defects, invisible to the naked eye, have been inserted into your object,” says Mehdi Javanmard, an assistant professor at Rutgers University-New Brunswick, and co-author of a recent study about defeating cyber-attacks on 3D printers. “The results could be devastating and you would have no way of tracing where the problem came from.”
So as the industry gets better at printing products using additive manufacturing, there’s a subset of researchers looking at fascinating ways to protect those products from theft and subterfuge.
“These 3D-printed components will be going into people, aircraft and critical infrastructure systems," says Raheem Beyah, professor at Georgia Tech's School of Electrical and Computer Engineering. “Malicious software installed in the printer or control computer could compromise the production process. We need to make sure that these components are produced to specification and not affected by malicious actors or unscrupulous producers.”
Microphones, sensors and golden nanoparticles
At Rutgers and Georgia Tech, researchers have been looking at ways of detecting whether a design has been compromised by monitoring the printing process and the movement of the ‘extruder,’ the nozzle through which the material is ejected to form the item being printed.
This can be done using acoustic monitoring, with an inexpensive microphone and filtering software that can detect changes in the printer’s sound. These changes may indicate that the device is erring from its normal operation. It's also possible to use sensors to track the physical parts of the printer as they move around, looking for variations from what’s expected.
"Just looking at the noise and the extruder's motion, we can figure out if the print process is following the design or a malicious defect is being introduced," said Saman Aliari Zonouz, an associate professor at Rutgers-New Brunswick.
The joint Rutgers and Georgia Tech project has also developed a way to check the finished product to see if it has been compromised, using gold or steel nanoparticles. These could be mixed in with the filament (the material being used to print with) during printing, and then the piece would be scanned afterwards. If the expected location of these particles varied from what was expected, it could indicate a problem with the component.
Deliberate defects
Professional Engineering spoke to a prominent 3D printing researcher, who asked not to be named in this article, about whether these kind of attacks were a genuine threat at the moment. “At this point we don't really have that much of a problem because simply the amount of things that get manufactured with 3D printing are still relatively small,” he says.
The intellectual property side of 3D-printing is a bigger risk at the moment, he adds. Approaches to prevent designs being stolen have generally been on the software side, and some companies go as far as to install their own systems at the external 3D-printing providers that they might use to protect their intellectual property.
One alternative approach involves designing your product so that it only works properly if it’s printed on a particular printer, or from a specific, proprietary material. Earlier this year, a group of researchers at NYU created a way of embedding hidden flaws in a CAD file to prevent this kind of intellectual property theft.
Their work describes how intentionally induced defects can disappear if a file is printed under exactly the right conditions. This would, in theory, enable manufacturers to create product designs that would only work properly when built using their own systems.
Aspects of the printing process such as file resolution, printing direction and printer resolution affected whether the flaws were activated or neutralised. These security features could be intentional holes in something that’s supposed to be solid, or minor tweaks that make an item break more easily.
“Cybersecurity tools can be applied as usual to make the files and cloud secure; however, in case the design files are stolen, there is nothing in the designs to deter printing a high-quality component,” says Nikhil Gupta, a materials researcher at NYU who led the work. “The new approach is designed to provide an advantage in this scenario and to make printing high-quality parts from stolen files difficult.”
Jumping the gun?
The researcher we spoke to suggests that the research anti-hacking methods might be premature. “I think that is jumping the gun, because there are so many other problems to sort out with 3D printing before wide-scale adoption,” he says. “In the future this might be relevant but at the moment I wouldn't worry about it.”
But as 3D printing continues to grow, it will undoubtedly be something that engineers will need to take into account. “The idea that additive manufacturing processes could be compromised to intentionally hurt someone hasn't really been considered with some of these applications,” says Beyah. “There is a good bit of room to improve the security of 3D printers, and we think that will start with applications that are closest to humans, such as implants and medical devices.”