dr0wned – Cyber-Physical Attack with Additive Manufacturing

Additive Manufacturing (AM, or 3D printing) is an emerging manufacturing technology with far-reaching implications. AM is increasingly used to produce functional parts, including components for safety-critical systems. However, AM’s unique capabilities and dependence on computerization raise a concern that an AM generated part could be sabotaged by a cyber-physical attack.

In this paper, we demonstrate the validity of this concern by presenting a novel attack: reducing the fatigue life of a functional part. We develop a sabotage attack against a specific 3D-printed quadcopter propeller, causing its mid-flight failure, ultimately leading to the quadcopter’s fall and destruction. The study described in this paper presents the very first full chain of attack against AM.We present all stages of the attack, beginning with a cyber-attack aimed at compromising a manufacturing environment and ending with the destruction of the target system that employs this part. Among major scientific contributions of this paper are a new category of a sabotage attack (accelerated fatigue), a novel systematic approach to identify options for such attack involving AM, and a demonstration of an empiric approach for the development and validation of an AM specific malicious manipulation.

We further demonstrate how the proposed sabotage attack can be integrated in a worm, thus enabling a widescale attack targeting either specific or similar enough digital design files of functional parts.