ON THE TOPIC OF | CYBERSECURITY
RCIYSBKESR I N 3D PRINTING With the increasing use of 3D printing,
Corey Nachreiner, CTO at WatchGuard
Technologies, looks at the potential cyber
risks and how to keep this fast-growing
technology safe.
According to Dutch 3D
printer manufacturer
Ultimaker, 25% of
businesses will take
up 3D printing over the next two
years, compared to 7% currently.
This is because, across the globe,
awareness of what this exciting new
technology can deliver is growing
at the same time as the cost is
dropping, enabling wider industrial
and commercial adoption.
So far, we haven’t seen any
real-world attacks on 3D printing
systems, nor are we aware of any
publicly known breaches due to the
technology. Most of the discussion
and research around their
vulnerabilities and weaknesses
comes from security researchers
finding potential problems,
but that statement shouldn’t be
misinterpreted; researchers have
found proven and exploitable flaws.
Criminals just don’t appear to have
3D printing in their sights – at least
for the time being.
Having said that, these 3D
printers run software like any
other computing device and that
software can be vulnerable to
programming flaws and backdoors
that allow various types of attack,
up to and including gaining
complete control of the 3D printing
device. Since we often connect
these printers to a network, either
directly or through a printing host,
vulnerabilities in their network
software could potentially give
attackers full remote control of
a printer. This is not just theory,
as researchers have found and
released details on specific
vulnerabilities in particular models
of printer or accompanying
network software, that have been
proven exploitable.
Additionally, many security
experts worry about the data
security of 3D model files used
to generate the actual prints. If
not secured properly, they may
give criminals access to valuable
intellectual property if they
include R&D prototypes or other
internal designs. Furthermore, a
sophisticated actor with access to
these files could make very subtle
changes that are not immediately
viewable to the human eye but
could result in compromising or
weakening the finished product.
While these new threat surfaces
could potentially result in attacks
with significant impact, so far, we
are not aware of any real-world
criminal attacks.
TRHISEK MSOST PROBABLE
3D printers come in many levels,
from hobbyist ones that print small,
proof-of-concept plastic models,
to very robust professional printers
that can create useable mechanical
or medical parts. In connected
production environments, the
most potentially damaging threats
could be:
■ A simple denial of service
(DOS) attack. If you are using a
printer professionally to output
commercial parts, a simple DOS
attack will cost you money. Prints
can sometimes take a long time, so
an attack simply forcing an error
at the end of a print could result in
many unusable parts costing you
time and money.
■ Intellectual property theft. These
printers, by definition, are printing
from 3D model files. If those 3D
models are your intellectual
property, the plans themselves
need to be protected.
■ A hidden trojan horse in your
network. While all 3D printers
can be different, some actually
embed regular networked
computers. A software flaw could
give an attacker full control of
TAHBOE UT AUTHOR
Corey Nachreiner,
CTO at
WatchGuard
Technologies
16 WWW.EUREKAMAGAZINE.CO.UK | APRIL 2020
/WWW.EUREKAMAGAZINE.CO.UK