3D Printing, Cybersecurity, and Audio Fingerprinting

We all understand the risk of someone taking over our computers or phones for nefarious purposes. But remote access to printers and fax machines was something most people took a little less seriously. After all, you might get some obscene printouts or someone wasting some paper, but in general, those are not big deals. Some researchers however have lately been pondering what might happen should someone break into your 3D printer. Of course, you could bring a printer down to deny service, or cause things to malfunction — maybe even in ways that could be dangerous if the printer didn’t have sufficient safety features. But these researchers are more crafty. They are studying how you know what you’ve printed hasn’t been subtly sabotaged. They also think they have an answer.

If you are printing another Benchy at home this probably isn’t a real concern. However, according to the paper, 3D printing now accounts for over $6 billion of revenue with 33.8% of all parts having some function. This includes a recent FAA approval for a 3D-printed fuel nozzle for a jet engine. So indulge us in a little science fiction. You are about to fly your drone to take video of an important social function. You are worried about one of your props, so you 3D print a new one. Too bad your competitor has hacked your computer with a phishing e-mail and modified your STL files so that the new prop will have built-in weak spots internally. The prop will look fine and you’ll be able to install it. But it is going to fail right when you are taking those critical shots.

Did we say that’s science fiction? Actually, it is only a bit of an embellishment on an actual demonstration attack cited in the paper. So what do you do about it? The proposed solution is an audio fingerprinting method that knows what it sounds like to print the object.

Of course, that fingerprint isn’t going to be perfectly the same every time, so the paper describes how to compare the audio and how certain parameters like microphone location affected results. They were able to detect when things were maliciously modified.

Honestly, to us, this seems like a solution looking for a problem. Despite media hype about the security of 3D printing, the real attack here for most printers is on a computer that is generating the codes destined for the printer. You could also attack anywhere back in the chain. Remember the Ken Thompson hack? You could easily modify a slicer or any other tool in the chain to add your defects.

If you are really worried about this it seems that you would cryptographically sign your STL files, and part of the printing process would be to verify the signature and a digest of the file. That would make much more sense. Can you break a crypto signature? Probably. But it isn’t easy. And we are guessing you could fake out the audio fingerprinting at least as easily.

Still, it is an interesting subject to think about, and more proof that whatever you do, bad guys will find a way to make it a bad thing. If you think only big computers get hacked, think again. Some of these are possible because designers just aren’t paying attention to security.