Internet Connected 3D Printers – The Risks

Is Your Internet Connected 3D Printer Secure?
Machines process a wealth of valuable product data. Hackers look forward to getting their hands on it.

In the news there have been admissions by various governments that not only computers and the cloud are under constant attack from hackers but so are many innocuous devices connected to the internet.

The Internet Of Things

Devices of interest to hackers are used everywhere from the home to industrial complexes. And of course there are very serious consequences if devices controlling equipment in sensitive installations are breached; think of internet connected equipment used in the energy, nuclear and defense industries.

Only yesterday the major media, Reuters, BBC, CNN etc reported a massive cyber attack against the Federal government of the United States on an unprecedented scale. A serious data breach involving potentially 4 million government employees, past and present. Cyber-warfare and hacking for criminal gain are very real.

The internet of things carries tremendous risk too as the number of devices and importance of their roles increase. Such devices are fast becoming ubiquitous. They often hold and process increasingly important data.

The bad news according to many security experts is that many of these devices are not secure, mainly in the name of keeping down development and licensing costs (e.g. why add encryption or even passwords?).

The Shodan Search Engine

Crew’s comment: Ordinary people (even the IT minded) think that protecting their computer and routers with long WEP passwords is going to be enough to deter hackers. They also place faith in the Cloud where data is strongly encrypted but everyday we hear of data being stolen.

Frankly, a lot of data once released to a networked device isn’t safe if search engines like Shodan are on the prowl. Once a network has been breached the only defense left against a hacker is the device itself. Often it is the internet connected device which allowed an unauthorized access to the network in the first place.

The Shodan search engine is different. It doesn’t look for web sites given a search term but instead hunts down connected devices: network attached storage devices … and of course 3D printers could be targeted. Many devices are often insecure and will give up their data easily. Equally so they can be controlled or shut down. 3D printers are no exception either. This lack of security and vulnerability presents an open door to those whose intentions are far from benign.

On one end of the scale is a huge threat where an economy can be targeted by an enemy government to disrupt their supply chain. A war without physical military action. However, an equally serious threat is in the theft of intellectual property. If a 3D printer can be targeted which is holding a file for a new turbine blade on a jet engine, the loss financially is not thousands but millions of dollars in competitive advantage. Industrial espionage is big business and to ever think otherwise is simply naive.

Secure 3D Printers

When a 3D printer is connected to a network it is assigned an IP address. This immediately presents a target (hello this is the door!). If the address becomes public (there are many ways that can happen) and the machine is not secured, it can be inspected. Those with a little knowledge can gain access to the data it is holding or even take control of it.

Editor: I am just waiting to hear the first reports of how a product file has been stolen from a hacked 3D printer. One potential solution for secure 3D printing is to make sure the 3D printer never has the complete design file in the clear but instead decrypts a stream of data, printing one part at a time. Today, 3D printers are not secure but they should be.
Internet Connected 3D Printers – The Risks - last modified: June 5th, 2015 by Crew




5 June 2015
Posted by:
Crew