Demonstration 3D Print Hack Proves Little

, Demonstration 3D Print Hack Proves Little
Propeller bits fly off a drone made with hacked STL files

Researchers from Ben Gurion University successfully executed a hack on a 3D printing process, but I’m wondering what to make of it. 

The research was documented in a short video that explains the steps undertaken: 

  • A hacker introduces malware via a phishing attack to a victim whose PC holds certain STL 3D models
  • The malware connects remotely to the hacker and enables control of the PC’s files
, Demonstration 3D Print Hack Proves Little
Accessing 3D model files remotely
  • The hacker downloads a specific 3D model, in this case a propeller model
, Demonstration 3D Print Hack Proves Little
Introducing “cavities” into a hacked 3D model file
  • The hacker then uses a CAD system to “adjust” the 3D model by introducing “cavities” in the propellor’s interior that would dramatically weaken the object, yet not be visible externally
, Demonstration 3D Print Hack Proves Little
Uploading hacked STL files
  • The updated STL files are uploaded to replace the original files on the PC
  • The unknowing user 3D prints the propeller and gets a nasty surprise when flying the drone with it

Here’s the whole video:

This approach would certainly work in this particular scenario, but I’m a bit mystified why it would be feasible in real life. 

Anyone designing a serious part would want to provide protection for their design files, particularly in large companies. The designs are literally more important than the parts themselves! 

Parts are very often versioned, with multiple iterations occurring to eventually arrive at a final design. These iterations should be tracked using a version control system, and indeed often are, again especially in large companies. Such an attack would be much more complex if the 3D model is embedded within a cloud-based (or local network) management system, and it would be subject to audit logs detailing a change. 

To me, an STL file is simply yet another digital document that should be protected, just like all the other files you make use of. If you’re compromised, then ALL of your files are questionable, be they database, email, images, audio, documents or yes, even 3D models. This is not a surprise to me; someone breaks in and messes up your files. 

Don’t let them break in. 

Manage your 3D files. 

It just makes sense.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest

Email us

Feedback, Tips?

We’ll use the details you provide on this form to contact you regarding your inquiry. You can read our Privacy Policy here.

Be Informed!

Keep up to date on the latest developments in 3D printing and additive manufacturing