Hacked 3D printers could commit industrial sabotage

Hackers could introduce defects into printed products, researchers are warning

3D printers can churn out toys, clothing and even food. But the technology also shows potential for use in industrial sabotage, researchers warn.

Imagine a car maker using 3D printers to manufacture components, only to have the parts contain defects that are undetectable until it’s too late.

A hacker with access to the 3D printers could make that happen, a team of researchers wrote in a recent paper. This could result in a "devastating impact" for users and lead to product recalls and lawsuits, said New York University professor Nikhil Gupta, the lead author of the paper.

3D printing is also known as “additive manufacturing.” It involves printing out layer after layer of material to create an object, like a plastic figurine or even a house.

The technology could streamline manufacturing, and the car industry is already experimenting with it. In the past, companies used 3D printers mainly to create prototypes, but recent advancements will expand the use of the technology to make actual products, research firm Gartner predicts.

If that happens, companies should be on guard for possible misuse. Many 3D printers are connected to the Internet, allowing for remote control, the researchers said. Hackers might be able to target these printers and secretly introduce internal defects in the manufacturing process.

For example, products might be made to handle less strain, leading them to break apart over time. The defects could be so small that not even ultrasonic imaging would detect them.

This could be life-threatening if defective components were printed out for cars or airplanes. The aircraft industry has been using 3D printers to create replacement parts, noted Steven Zeltmann, one of the paper’s authors. He is a graduate student at New York University.

The potential for sabotage could also grow if manufacturers chose to outsource their commercial 3D printing to less trustworthy third parties, Zeltmann said via email.

And the security risks of Internet-connected printers go beyond the manufacturing itself. Given that 3D printers rely on design files, a breach could compromise a company's intellectual property.

To prevent the security risks, Zeltmann recommended that manufacturers disconnect their 3D printers from the Internet and encrypt their design files.

Companies could obfuscate their design files and use encryption so that only the designated 3D printer would know how to read them. “A printer without the right knowledge of what to ignore/follow would print a totally different part or just a big mess,” Zeltmann said.

Join the CSO newsletter!

Error: Please check your email address.

More about GartnerYork University

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place