It's 2016, and mostly anything is hackable. And while the ramifications of computer hacks are usually limited to leaks, botnets, and file destruction, hacks are slowly becoming more of a threat to our physical world. We've already seen the effect hacking can have on power stations, and know that hackers can remotely disable internet-connected cars, but now hackers have even found a way to sabotage drones in a completely undetectable way: by damaging components when they are made in a 3D printer.
Research by cybersecurity experts from the Ben-Gurion University of the Negev in Israel, the University of South Alabama, and Singapore University of Technology and Design details how 3D printers can be infiltrated and fatal design defects can be embedded into the manufacturing process of drone components.
As part of the research, titled "dr0wned – Cyber-Physical Attack with Additive Manufacturing", the researchers phished their way into a computer that was connected to a 3D printer, found the blueprints for a drone propeller that was to be printed, and sabotaged the design. The result? The quadcopter-style drone endured a catastrophic crash just two minutes into flight thanks to a faulty propeller. The design defects planted into the propeller were undetectable to the human eye, and you can watch the full video below.
Additive manufacturing (AM), also known as 3D printing, is currently taking off in commercial industries. Some of the world's biggest aviation manufacturers, such as Airbus, are designing and making aerospace components using 3D printers. This, according to the researchers, is an invitation for sabotage.
"This paper demonstrates the validity of this concern," the researchers wrote, "as we present the very first full chain of attack involving AM, beginning with a cyber attack aimed at compromising a benign AM component, continuing with malicious modification of a manufactured object's blueprint, leading to the sabotage of the manufactured functional part, and resulting in the physical destruction of a cyber-physical system that employs this part."
Attacks on desktop 3D printers have been done before, with attackers able to modify the printing results of the components, such as size and the position of the parts, the researchers said that this work demonstrates one of the first times this type of "indirect, multistage, cyberphysical attack" has actually been demonstrated.
The researchers conclude that even though their attack was experimental and only breached a private person's desktop 3D printer, similar attacks are possible on industrial systems that print metal parts for safety-critical systems. "In order to protect public safety and national security, solutions should be found and implemented that will increase both robustness and resilience of AM to sabotage attacks," the researchers said.
Get six of our favorite Motherboard stories every day
by signing up for our newsletter