Researchers covertly modify hacked 3D printer files, cause catastrophic drone crash

[Shawn Knight]

If last week’s massive DDoS attack that disrupted access to major websites including Amazon, Netflix and Reddit by way of hacked Internet of Things (IoT) devices was surprising, prepare to be absolutely floored by what may lie ahead.

Researchers from the Ben-Gurion University of the Negev in Israel, the University of South Alabama and Singapore University of Technology and Design recently demonstrated the ability to hack into a computer with an attached 3D printer using a phishing attack and sabotage the blueprints for a drone propeller that was to be printed.

By making small changes to the propeller’s design that were undetectable to the human eye, the drone with the faulty propeller experienced a catastrophic crash just two minutes into its flight.

Destroying a gadget of significant value is bad enough but what’s really concerning here is that the crash leads to a sizable projectile falling from the sky. It doesn’t take much imagination to see how this could cause serious injury to unsuspecting people below.

The researchers note that while this was simply an experimental attack that only breached a private computer, similar attacks are indeed possible on a much larger scale.

As Motherboard points out, major companies like Airbus are currently designing and making aerospace components using industrial 3D printers. Imagine if an attacker found their way into such a system and made changes that would compromise safety-critical components. In that scenario, one can only hope that such defects would be spotted by quality control before being put into production.

Thumbnail courtesy Secret Service via USA Today

Permalink to story.

https://www.techspot.com/news/66790-researchers-covertly-modify-hacked-3d-printer-files-cause.html

 

[Kibaruk]

Whats the difference of this vs computerized soldering? A bad joint in a car can be much more hazardous on a bigger scale. I mean, it's not the first time that computers are programmed to make unsupervised jobs.

 

[wiyosaya]

An attack by an IoT device is hardly surprising given most IoT devices have absolutely no security and their manufacturers are more interested in making a buck than they are in providing a secure device for their customers, at least IMO.

Hacking something like this is certainly not out of the realm of possibility, although, since the demo attack happened via phishing attack, it seems much more unlikely.

 

[DelJo63]

IMO, highly doubtful report. A propeller has huge centrifugal forces and a cast or deposited material process would never be proposed in the first place. At full RPM, the tip of a propeller is very nearly at the speed of sound.

 

[Evernessince]

This isn't something that ordinary people have to worry about. There is so much variety in 3D printer software that it doesn't make sense to create specialized hacks for a single random person.

This is more or less going to be used as international espionage. Of course, pretty much any electronic that takes network input can be hacked. Rule Number 1 for any organization should be - If it doesn't absolutely need to have network access, don't give it network access. Of course, depending on the risk of said device being on the network.

Any company producing goods from a single file should have that system is a closed network system. If possible, a printer that simply reads the files off USB or provides data integrity checks would be best.

 

[mbrowne5061]

Not really anything new - sounds like a simplified version of stuxnet.

 

[Kibaruk]

This isn't something that ordinary people have to worry about.

Sure it is! I don't wan't no drone falling on my head!!

I think the whole point was that this can happen on a manufacturer's side, if they get hacked and someone want's to put a bad name to them, which requires more and better IT security over factories and the sorts.

 

[Draimen]

I would hope ifor being used in large scale industry that either the pc/equipment is on an air gapped network, or that the machines hooked to the printers are not locally hosting the files but instead simply pulling from a read only share that can simply verify it's files with a checksum.