the computer. Even if they do not
leverage that access to mess with
your prints, they now control a
hidden host on your network from
where they can attack the rest of
your internal network.
■ Maliciously damaged or boobytrapped
prints. One of the most
nefarious potential attacks
against 3D printing is maliciously
modifying the model/printing file
used to create the item you are
printing. If you are creating parts
that are being put under any force,
the internals of that model are as
important as the external shape. It
is possible for malicious actors to
modify print files in a way that they
structurally weaken the internal
design, even if its external shape
looks perfectly as expected.
■ Physical risks. Many 3D printers
use potentially dangerous
processes, including very high
heat. It is theoretically possible
for an attacker to disable software
safeguards and cause things like
heating elements to overheat,
maybe even causing damage and
fires.
PTRHORTEEEC DTIMIOENN ASCIORNOSSS
To help prevent any of these breaches
from happening, it’s important to
recognise that when connected to
a network, either directly or via a
printer host computer, these devices
suffer many of the same types of
attacks as traditional computers.
Therefore, applying some of the
same defences you do to your normal
computer often helps.
If your 3D printers are networked,
firewall them from the Internet. This
prevents remote attackers from
accessing them or the printing
hosts that run them. You should also
internally segment your 3D printers
from your most trusted computers
internally (firewalls help here too).
This adds an extra access control
point that may prevent any successful
attack on your printers from leaking
to your more secure, trusted network.
You should already be segmenting
your Internet of Things (IoT) devices
and putting your 3D printers in that
segment is recommended.
Other network-based security
solutions like Intrusion Protection
Services (IPS) can be leveraged to
potentially catch any exploits that
do target printers. Updating printer
firmware and other 3D printing
software regularly is imperative. Like
any IoT device, 3D printers actually
run software internally, it is just called
firmware when it’s embedded into
hardware. Many don’t think about
updating the software that comes with
hardware, but it does get updates
from vendors (though less regularly),
so it should always be up to date.
When researchers, or worse yet
criminal hackers, do find software
vulnerabilities in specific printer
software, that update could fix it and
prevent it being targeted.
Currently, known attacks on
production 3D printers are so low
and virtually unheard of, that this
attack vector isn’t particularly relevant
yet, and shouldn’t be a priority.
However, not being aware of any
real-world attacks doesn’t mean they
haven’t happened. More importantly,
researchers have found provable
exploits that work and do pose risk
to specific 3D printing devices and
software. Over the last decades, the
cyber security research community
has had a great track record of
predictively researching certain new
vectors of attack long before they
became a common vector among
criminal hackers. It therefore wouldn’t
be surprising to see cyber criminals
target 3D printing devices more
regularly within the next five years.
If individuals and companies
leverage 3D printing for critical
business processes, attacks on them
can cost them money, as well as their
reputation – particularly if print parts
fail when it comes to operations. !
APRIL 2020 | WWW.EUREKAMAGAZINE.CO.UK 17
/WWW.EUREKAMAGAZINE.CO.UK