Defects introduced in 3D-printed parts were undetectable by common industrial monitoring techniques, study says Many 3D printers lack cybersecurity features, which presents opportunities to introduce defects as components are being built, a new study shows.The study, performed by a team of cybersecurity and materials engineers at New York University, concluded that with the growth of cloud-based and decentralized 3D printer production supply chains, there can be “significant risk to the reliability of the product.”Additive manufacturing (3D printing) is creating a globally distributed manufacturing process and supply chain spanning multiple services, and therefore raises concerns about the reliability of the manufactured product, the study stated.The Federal Aviation Administration recently certified the first 3D-printed part for GE commercial jet engines. Automakers such as Ford have been using additive tech to build products and prototypes for years. In fact, without 3D printing, the Ford Motor Co. would not be able to meet its new model vehicle build deadlines.Ramesh Karri, an NYC professor of electrical and computer engineering, said it’s entirely feasible that an attacker could hack into an internet-connected printer to introduce internal defects as a component is being printed. “New cybersecurity methods and tools are required to protect critical parts from such compromise,” Karri said in a statement.The NYU research team proved it was able to hack into networks to control 3D printers and, in a controlled experiment, introduced sub-millimeter defects between printed layers. “They found that the defects were undetectable by common industrial monitoring techniques, such as ultrasonic imaging, which do not require destruction of the sample,” the study said.Over time, materials can weaken with exposure to fatigue conditions, heat, light and humidity, and become more susceptible to the small defects.“With 3D printed components, such as metallic molds made for injection molding used in high temperature and pressure conditions, such defects may eventually cause failure,” said Nikhil Gupta, a materials researcher and an associate professor of mechanical engineering at NYU’s Tandon School of Engineering.Additive manufacturing begins with a computer assisted design (CAD) file. 3D printing software, known as a G-code generator, then deconstructs the design into hundreds or thousands of slices and works to orient the robotic 3D printer head. The 3D printer then applies materials layer-by-layer that are typically as thin as 25 microns or less. To put that in perspective, 100 microns is about the thickness of a sheet of paper or a human hair; 7 microns is about the diameter of a red blood cell.The researchers reported that the orientation of a 3D printed product during the manufacturing process could make as much as a 25% difference in its strength. However, since CAD files do not give instructions for printer head orientation, Gupta said, cyber attackers could deliberately alter the process without detection. Karri added that with the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain are aware of the risks. Related content news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Malware Cybercrime news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO CSO and CISO CSO and CISO news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe