3D printing technology vulnerable to major compromise say researchers
A new study from the University of California, Irvine, has revealed that the source code of any 3D printer could be enough to compromise valuable intellectual property, allowing cyber hackers to reverse-engineer and re-create 3D printed objects based off of nothing more than a smartphone audio recording. This could amount to a major security breach in the 3D printing process allowing the hackers to potentially engage in corporate espionage.
The team, led by Mohammad Al Faruque, director of UCI’s Advanced Integrated Cyber-Physical Systems Lab, showed that a device as ordinary and ubiquitous as a smartphone can be placed next to a machine and capture acoustic signals that carry information about the precise movements of the printer’s nozzle. The recording can then be used to reverse engineer the object being printed and re-create it elsewhere. Detailed processes may be decoded through this new kind of cyberattack, presenting important security risks.
“In many manufacturing plants, people who work on a shift basis don’t get monitored for their smartphones, for example,” Al Faruque said. “If process and product information is stolen during the prototyping phases, companies stand to incur large financial losses. There’s no way to protect these systems from such an attack today, but possibly there will be in the future.”
Al Faruque’s team achieved nearly 90 percent accuracy using the sound copying process to duplicate a key-shaped object in the lab. They will present their results at April’s International Conference on Cyber-Physical Systems in Vienna – says the potential for corporate or national espionage using reverse-engineering could be very high.
State-of-the-art 3-D printing systems change digital information inserted in source code to build layer upon layer of material until a solid object takes shape. Referred to as G-code, this source file can be kept safe from cyber robbery with strong encryption. However, the printer releases sounds that can give up the secrets buried in the software once the creation process starts.
“My group basically stumbled upon this finding last summer as we were doing work to try to understand the relationship between information and energy flows. According to the fundamental laws of physics, energy is not consumed; it’s converted from one form to another – electromagnetic to kinetic, for example. Some forms of energy are translated in meaningful and useful ways; others become emissions, which may unintentionally disclose secret information.”
The emissions produced by 3-D printers are acoustic signals that contain a lot of information, he said, adding: “Initially, we weren’t interested in the security angle, but we realized we were onto something, and we’re seeing interest from other departments at UCI and from various U.S. government agencies.”
“President Obama has spoken about returning manufacturing to the United States, and I think 3-D printing will play a major role because of the creation of highly intellectual objects, in many cases in our homes,” Al Faruque said, and suggested engineers think about “jamming” the acoustic signals made by the 3D printer with a white noise device or similar tool.
The study was funded by a cyber-physical systems research grant from the National Science Foundation.