Demonstration 3D Print Hack Proves Little

Propeller bits fly off a drone made with hacked STL files

Propeller bits fly off a drone made with hacked STL files

Researchers from Ben Gurion University successfully executed a hack on a 3D printing process, but I’m wondering what to make of it. 

The research was documented in a short video that explains the steps undertaken: 

  • A hacker introduces malware via a phishing attack to a victim whose PC holds certain STL 3D models
  • The malware connects remotely to the hacker and enables control of the PC’s files
Accessing 3D model files remotely

Accessing 3D model files remotely

  • The hacker downloads a specific 3D model, in this case a propeller model
Introducing "cavities" into a hacked 3D model file

Introducing "cavities" into a hacked 3D model file

  • The hacker then uses a CAD system to “adjust” the 3D model by introducing “cavities” in the propellor’s interior that would dramatically weaken the object, yet not be visible externally
Uploading hacked STL files

Uploading hacked STL files

  • The updated STL files are uploaded to replace the original files on the PC
  • The unknowing user 3D prints the propeller and gets a nasty surprise when flying the drone with it

Here’s the whole video:

This approach would certainly work in this particular scenario, but I’m a bit mystified why it would be feasible in real life. 

Anyone designing a serious part would want to provide protection for their design files, particularly in large companies. The designs are literally more important than the parts themselves! 

Parts are very often versioned, with multiple iterations occurring to eventually arrive at a final design. These iterations should be tracked using a version control system, and indeed often are, again especially in large companies. Such an attack would be much more complex if the 3D model is embedded within a cloud-based (or local network) management system, and it would be subject to audit logs detailing a change. 

To me, an STL file is simply yet another digital document that should be protected, just like all the other files you make use of. If you’re compromised, then ALL of your files are questionable, be they database, email, images, audio, documents or yes, even 3D models. This is not a surprise to me; someone breaks in and messes up your files. 

Don’t let them break in. 

Manage your 3D files. 

It just makes sense.

General Fabb

Kerry Stevenson, aka "General Fabb" has been writing Fabbaloo posts since he launched the venture in 2007, with an intention to promote and grow the incredible technology of 3D printing across the world. So far, it seems to be working!

+