3D Printing Hack Downs Drone

3D Printing Hack Downs Drone 3D Printing Hack Downs Drone 3D Printing Hack Downs DroneThe 3D-printed consumer drone hovers in mid-air, as pulsing percussion hints of doom. Then, less than two minutes into its first flight, which welches captured on a YouTube video, the drone spins out of control and crashes.The cause of the crash? The first successful attempt to hack into a computer and sabotage an additive manufacturing design, said researcher Mark Yampolskiy of the University of South Alabama, the coauthor, with researchers from Ben Gurion University and Singapore University of Technology and Design, of a paper on the hack.The YouTube video, posted in August 2016 and watched by more than 36,000 people so far, could be the Cliffs Notes for the paper.Manufacturers are already making parts for jet engines and other machines using additive manufacturing. Engineers are generally very good at accounting for random natural variations of physical processes, Yampolskiy said, both during man ufacturing itself and in real-life conditions a manufactured part will be exposed to.These are often accounted for by incorporating a safety factor in the design. Unfortunately, engineers also generally overlook security aspects, he said.3D-printed rotor blades make this quadcopter vulnerable to sabotage. Image Mark Yampolskiy, University of South AlabamaPrevious demonstration sabotages of 3D printing designs started with the perpetrator already inside the computer hosting the design. Then the perpetrator simply manipulated blueprints and showed that it could harm mechanical properties, Yampolskiy said.His teams attack went a step further. They used an ordinary phishing attack, sending an e-mail that downloaded an infected zip file. That gave the researchers what they called a reverse tunnel into the computer hosting the design. They manipulated the design and inserted cavities into the propeller blades. The cavities caused the propeller to break in mid-air.In theory, the quality-co ntrol process could catch defective parts made from a sabotaged design. But in this case, the additively manufactured drone wing was sabotaged in a way that would escape detection during typical quality-control measures.All of these tests have limits in terms of defects that can be detected, Yampolskiy said. A physical inspection could also have revealed the problem, said Sven Schrecker, chief architect for IoT security solutions at Intel. However, the novelty in this particular attack is that the compromise is digital, the tampering is very subtle and may not have been caught, as it is not visible to the human eye, he said.Defects inserted in the control files for a 3D printer weakened blades on this quadcopter, causing a crash. Image Mark Yampolskiy, University of South AlabamaThe part was also sabotaged to not fail right awayanother way for the product to make it through manufacturing quality control, then fail when in use. To prevent sabotage attempts, one possible solution woul d be to create designs of functional parts with a higher safety factor, Yampolskiy said. But this would increase size, weight, and cost, which would make this approach impractical and unlikely, he said. Another approach would be to develop the ability to detect ongoing or already successful attacks, but this would require better quality control measures than are currently available.The demonstration is already forcing the additive manufacturing industry to adopt cybersecurity best practices by making sure software and firmware are up to date constantly monitoring network traffic and creating an air gap between the internet and the production network, he said.The integrity of each product and component in the supply chain must also be attested to, Schrecker said. The owner or operator of the equipment must be able to interrogate each component of the system to attest to that elements integrity. Each component, in turn, interrogates its subcomponents to attest to their integrity and, when complete, reports its findings.After successfully showing that 3D-printed designs can be hacked and sabotaged, Elovici and Yampolskiy have turned to preventing attacks before they succeed. A thwarted sabotage may not make for an exciting YouTube video, but it would be an important step forward.Karen Haywood Queen is a technology writer based in Williamsburg, VA.Engineers are generally very good at accounting for random natural variations of physical processes Unfortunately, engineers also generally overlook security aspects. Prof. Mark Yampolskiy, University of South Alabama