Hackers Could Turn 3-D Printers into Bombs
3-D printing is becoming more and more commonplace, particularly for defense contractors. However, a new report published by the National Institute of Standard and Technology has raised concerns in the technology community that, as they are manufactured now, 3-D printers are vulnerable to hackers stealing sensitive information and changing the operations of the printer in order to induce explosions.
Much of the information is unencrypted, which allows for the information to be "intercepted, exposed, or altered." there are open ports that allow for data to flow to and from the device, but may also allow for data tampering, "When unused ports/protocols are not disabled, attackers may be able to access a machine undetected." Wireless connectivity makes the machine much more convenient, but also allows for communications to be intercepted, if they're not encrypted. Furthermore, the printers allow for remote access for maintenance, which allows for hackers to attempt to hack into this access. This could allow them to "install malware," "gain access to other areas of the network," "compromise configuration settings including passwords," and/or "expose stored information."
"Many devices have default passwords which can be easily obtained and used to access configuration panels, stored data, or to control the device locally or remotely via a web interface."
Michael Chipley, a specialist in cyber-security for building control systems, warned that these types of vulnerabilities could lead to the compromise of large defense systems, with disastrous results: "Like all interconnected systems and devices, once a foothold has been established, then all nodes and other systems are at risk." One famous example is Stuxnet, a 2010 malicious computer worm that destroyed one-fifth of Iran's nuclear centrifuges by inducing self-destruction.
Even more frightening is the reported possibility that hackers could alter or corrupt data; according to the NIST report, "This kind of exploit may be very difficult to detect, but could result in... a potentially hazardous situation (for example, if configuration settings are altered to allow the device to overheat)."
Printer explosions are not hypothetical; a printing company was fined last year after an explosion of a 3-D printer left an employee with third-degree burns. Chipley confirmed that the results of the overheating suggested by NIST could be explosive, as many of the printers used by defense and aerospace companies are made from combustible materials such as titanium and aluminum alloys. "The issue with powders is -because they are so fine-they could become volatile depending on the chemical composition. You probably don't want to have a whole lot of free particulates in the air that can undergo spontaneous combustions."