A group of researchers from three universities combined their skills to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, describing the way a cyber attack and malicious manipulation of blueprints can seriously damage production of a machine or device.
In their research paper titled "Dr0wned," researchers from Ben-Gurion University of the Negev (BGU), the University of South Alabama and Singapore University of Technology and Design explain how to impair the quality of a 3D-printed functional part, which results in the destruction of a device.
By hacking into the computer controlling the 3D printing of replacement propellers, the researchers were able to damage a $1,000 quadcopter UAV drone. This was demonstrated in a proof-of-concept video.
Once they broke into the computer, the team spotted the propeller blueprint file and planted defects untraceable by visual inspection. During flight tests, the damaged propeller broke apart during take off, causing the drone to fall to the ground and be completely destroyed.
Over 100 industries including aerospace, defense, and automotive, make use of additive printing processes. According to the Wohlers Report, the AM sector accounted for $5.165 billion of revenue in 2015. Moreover, 32.5% of all AM-produced objects are used as functional components.
Imagine that an adversary can sabotage functional parts employed in an airplane's jet engines. Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country's national security. With the growth of additive manufacturing worldwide, we believe the ability to conduct malicious sabotage of these systems will attract the attention of many adversaries, ranging from criminal gangs to state actors, who will aim either for profit or for geopolitical power. 'Dr0wned' is not the first article that raises this issue. However, all prior research has focused on a single aspect of a possible attack, assuming that all other attack elements are feasible. This is the first experimental proof of a complete attack chain initiated by sabotaging the 3D-printed propeller.
Prof. Yuval Elovici
Elovici is a member of BGU's Department of Software and Information Systems Engineering, director of the Deutsche Telekom Innovation Labs @ BGU and the BGU Cyber Security Research Center (CSRC). The CSRC is a partnership between the University and Israel's National Cyber Bureau, focused on next generation cyber security subjects.
The joint study conveys the risky consequences of cyber attacks, and suggests a systematic method for identifying opportunities and a technique for evaluating the level of complexity of an attack involving AM.