Recently, researchers have demonstrated that how attackers can cause fatal equipment failures by destroying the integrity of 3D-printed parts. In a proof-of-concept experiment, they sabotaged the 3D printed replacement propeller of a quadcopter by maliciously modifying its design, and thus caused the quadcopter to fall from the sky. Researchers simulated how attackers could use spear phishing emails to obtain access to the target controller PC for 3D printing, and install malwares on the target. The malware then downloaded the blueprint, and replaced the original blueprint with the one with developed sabotaged design. In the experiment, researchers modified the design file by inserting 0.1mm internal rectangular gaps into the joint, and the sabotage would remain unnoticed by a simple visual inspection. The propeller performed normally in the first three test cycles, but broke apart in the fourth cycle. This experiment is designed to expose the threat additive manufacturing companies face from increasing use of 3D printing. There are increasing industries started to use 3D printed parts in their products, such as aerospace and automotive industries. The growth of additive manufacture also attracts attention of hackers from criminal gangs or terrorists.
One thing I think interesting is that the design defect could not be noticed through visual inspections, and the quadcopter could even normally perform in the initial test. This would be very dangerous if this kind of attack happens in the real life. For example, if the 3D printing blueprint of a replacement part of an airplane is maliciously modified, the airplane may be still able to pass the visual inspection and flight mechanical test. However, the unnoticed defect may lead to airplane failures or even air crash later in real flight. In addition, I think this kind of attacks can hardly be conducted by an individual, because it requires both IT experts and experts with knowledge and experiences in the targeted industry. Therefore, this kind of attacks may attract more attention of terrorist organizations with adequate resources rather than normal hackers. This would become a great threat to governments, since many countries have already used 3D printing for weapon and aircraft manufacturing.
Wow very interesting article Mengqi. This is concerning as 3d printers are becoming mainstream. Good point on the fact that IT experts as well as industry experts would need to work together in order for this type of attack to be successful. I can see how these attacks can be launched by state sponsored actors with a political agenda, as the resources necessary would easily be available. These attacks could also possibly happen if rogue industry experts start selling their skills, like the tools available on the darkweb. Not sure how this could be defended. There would obviously need to be some form of authentication that compares the printed design against the blueprint, which should be locked up somewhere safe.