3D printers wide-open to hacking

Prototypes can be stolen by recording 3D printers with smartphones, say scientists. Printers should curtail smartphone use near the machines until a fix can be developed, the experts think.

Da Vinci Pro 3D printer
Credit: Lucas Mearian

The sounds that 3D-printer nozzles make as they cross the machine bed can be recorded, analyzed and then used to duplicate prototypes, say scientists.

Smartphones, casually posed adjacent to printers by thieves, can surreptitiously capture the recording of print head movements. The phone can then be recovered and used to reverse engineer the part elsewhere. It might be a big problem with no fix. Manufacturing plants need to curtail smartphone use near the machines. There’s currently no way to stop the theft, think the cyber-physics engineers who discovered the hack from University of California Irvine.

“Companies stand to incur large financial losses,” says Mohammad Al Faruque of the university’s Advanced Integrated Cyber-Physical Systems Lab, in a press release.

The “precise movements” of the nozzle produces a signature sound, and that’s what is captured, to be reverse-engineered later into the intellectual property being printed, say the researchers.

"If process and product information is stolen during the prototyping phases” companies could lose out, Al Faruque thinks.

“There’s no way to protect these systems from such an attack today, but possibly there will be in the future,” he says. Acoustic jamming techniques would probably be the way to go, he reckons. But in the meantime plants must stop “people carrying smartphones near the rapid prototyping areas when sensitive objects are being printed,” he says.

It’s the unique vibrations and acoustic “emissions” that give the game away—despite software being encrypted. The G-code, which is the standard format source file that holds the intellectual property, can easily be encrypted. It’s thus protected as it’s shifted from design studio to print house, thwarting any eavesdropping on the code.

But energy is “converted from one form to another,” it’s not “consumed,” says Al Faruque.

“Electromagnetic to kinetic...” he says of the energy conversion. “Some forms of energy are translated in meaningful and useful ways, others become emissions, which may unintentionally disclose secret information.”

Those “emissions” from the print head nozzle as it extrudes plastic spatially on the X,Y and Z axis, along with the motors pushing the raw material in some cases, can all be captured. You actually don’t need to try to hack into the print head-controlling G-code to perform industrial espionage and decipher corporate design secrets, the scientists think.

Sounds have been used to hack before. Phreaking is a classic hack that dates back to the 1950s. ‘Phone Phreaks,’ as they were called, developed ways to listen in on Touch Tones, the audible tones used to route telephone calls. The sub-culture used those tones to explore the network and made free calls.

Sound signatures, of the kind Al Faruque talks of, can also be used in other industrial scenarios. They can be used to detect when equipment is failing—the machines emit a specific sound.

And new developments in sound fingerprinting might be used in the future to detect hacks on industrial controls and in IoT—the sound that the physical movement of a control turning a valve, say, can be used to identify a spoof because the bogus control doesn’t make the right sound.

Al Faruque says there’s no fix for the 3D-printer hack.

“In many manufacturing plants, people who work on a shift basis don’t get monitored for their smartphones,” Al Faruque said. That should be curtailed, he thinks.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10