Drones

3D printing hackers down drone with self-destructing propellers

3D printing hackers down drone...
Researchers were able to make a 3D printer create a propeller that was seemingly identical to the original, but was designed to self destruct in flight
Researchers were able to make a 3D printer create a propeller that was seemingly identical to the original, but was designed to self destruct in flight
View 4 Images
The researchers downloaded a CAM file, redesigned the propeller, and uploaded it
1/4
The researchers downloaded a CAM file, redesigned the propeller, and uploaded it
Printing the sabotaged propeller
2/4
Printing the sabotaged propeller
The researchers gained access to the victim's computer using a phishing attack
3/4
The researchers gained access to the victim's computer using a phishing attack
Researchers were able to make a 3D printer create a propeller that was seemingly identical to the original, but was designed to self destruct in flight
4/4
Researchers were able to make a 3D printer create a propeller that was seemingly identical to the original, but was designed to self destruct in flight

In the near future, an F-35 fighter plane on a routine flight kicks in its afterburners and it goes supersonic. Suddenly, there's an almighty bang as one of the turbine blades in the jet engine disintegrates and within seconds the US$85 million plane is tearing itself to pieces. Is it an accident or sabotage? According to researchers at Ben-Gurion University (BGU), this scenario could be an example of a new type of cyber warfare where saboteurs can fool 3D printers into creating self-destructing parts that are indistinguishable from the real thing.

We tend to think of cyber attacks as something that involves stealing personal details or pilfering bank accounts, but with the world depending more and more on automated factories, robots, and the internet of things, the capacity of villains to do direct physical harm continues to grow. One example of this is spoofing 3D printing facilities into producing components that are designed to fail at critical moments.

Part of an international team that includes, BGU, the University of South Alabama, and Singapore University, the cyber security experts were considering the vulnerability of 3D printers to malicious hackers. At first they seemed not very susceptible to attack, but that soon changed.

The researchers downloaded a CAM file, redesigned the propeller, and uploaded it
The researchers downloaded a CAM file, redesigned the propeller, and uploaded it

"Initially we focused on checking whether the 3D printer can be hacked," says Professor Yuval Elovici, director of the Deutsche Telekom Innovation Lab and the BGU Cyber Security Research Center. "Quickly, we realized that such an attack cannot scale due to the huge variety of 3D printers, so we decided to focus on how attackers may intervene in a generic way in the process between design and production."

Instead of attacking the machines directly, the researchers went for the more vulnerable parts of the design and production cycle. They used a phishing attack to plant a malicious .exe file in the email of the simulated victim. When opened, they were able to gain access to the victim's personal computer, search for the design files for a drone propeller and download them.

Using the files, the researchers redesigned the propeller. It still looked like the original to the casual eye, but they had introduced 0.1 mm cavities into the blades and the joints so that when maximum stress was applied in flight, they'd quickly weaken and break.

Printing the sabotaged propeller
Printing the sabotaged propeller

According to the team, when the propeller was printed and installed on a commercial drone it looked indistinguishable from the untampered propellers, but it failed as planned after two minutes.

"Imagine that an adversary can sabotage functional parts employed in an airplane's jet engines," says Elovici. "Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country's national security. Before printing an object, there is a need to check that the file was not modified, and there are many cryptographic means that can be used in order to achieve this goal."

The team's paper can be found here.

The video below shows how the 3D hacking scenario was carried out.

Source: BGU

dr0wned - AM Cyber Attack

6 comments
MD
If 3d Printers can be hacked in this way, so can any CAM based industry.... Subtle changes to machining code can introduce defects in manufactured parts... Computer Security is every company/individual's problem.
Benjamin Clements
So you're saying that people screwing with your designs without you knowing can choose to do so in a way that makes your design non-functional? WOW, I'd have _never_ guessed such a thing. Less sarcastic: So... you saying that there should be some way to test those designs before _actually_ putting them to use? Huh, never would have thought of that without this scenario, especially for something really expensive that can be destroyed in seconds if a single part fails.
Bob Flint
Molded props are very smooth, the 3D ones show steps, & probably imbalanced. If you are able to afford a 3d printer of acceptable quality, then just by the real replacement props instead, and stop crashing into things.
Bob
Critical parts are normally put through a number of tests before being accepted. 0.1mm cavity defects are pretty common in super alloy parts. Usually, the cavities are tiny nitrogen or hydrogen gas bubbles which form as the metals solidify. I'm not too worried about the turbine blades of an F35 but for common mass produced parts where quality control is often spotty or in some cases nearly nonexistent, this could be a real problem. I am even more concerned about electronics made in foreign countries where the hardware and software could be compromised at an almost infinite number of levels making detection very difficult.
ljaques
Interesting article. I guess it's time for all mfgrs to take their 3D printing computers off the Internet. I would be surprised to learn that someone like Boeing would be online in the first place. Doesn't the DOD limit that? If not, why doesn't Homeland keep defense contractors safe? </smartarse>
JimmyDavis
Ahhhh, the human heart ! Who can know it ? .... filled with lies and deceit !