Dr0wned – Cyber-physical attack with additive manufacturing

Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Jacob Gatlin, Yuval Elovici

Research output: Contribution to conferencePaperpeer-review

87 Scopus citations

Abstract

Additive Manufacturing (AM, or 3D printing) is an emerging manufacturing technology with far-reaching implications. AM is increasingly used to produce functional parts, including components for safety-critical systems. However, AM’s unique capabilities and dependence on computerization raise a concern that an AM generated part could be sabotaged by a cyber-physical attack. In this paper, we demonstrate the validity of this concern by presenting a novel attack: reducing the fatigue life of a functional part. We develop a sabotage attack against a specific 3D-printed quadcopter propeller, causing its mid-flight failure, ultimately leading to the quadcopter’s fall and destruction. The study described in this paper presents the very first full chain of attack against AM. We present all stages of the attack, beginning with a cyber-attack aimed at compromising a manufacturing environment and ending with the destruction of the target system that employs this part. Among major scientific contributions of this paper are a new category of a sabotage attack (accelerated fatigue), a novel systematic approach to identify options for such attack involving AM, and a demonstration of an empiric approach for the development and validation of an AM specific malicious manipulation. We further demonstrate how the proposed sabotage attack can be integrated in a worm, thus enabling a wide-scale attack targeting either specific or similar enough digital design files of functional parts.

Original languageEnglish
StatePublished - 1 Jan 2017
Event11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017 - Vancouver, Canada
Duration: 14 Aug 201715 Aug 2017

Conference

Conference11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017
Country/TerritoryCanada
CityVancouver
Period14/08/1715/08/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Dr0wned – Cyber-physical attack with additive manufacturing'. Together they form a unique fingerprint.

Cite this