4D printing: Hackers could sabotage components to cause catastrophic failures

Attackers could gain access to printers and manipulate designs of parts such as aircraft propellers in ways that are difficult to detect


10 December 2021

R25AWR Shenzhen, China's Guangdong Province. 16th Nov, 2018. An exhibitor shows f 4D printing works of ceramic samples at the 20th China Hi-Tech Fair (CHTF) in Shenzhen, south China's Guangdong Province, Nov. 16, 2018. Credit: Mao Siqian/Xinhua/Alamy Live News

4D printed ceramic samples on display at a tech fair

Xinhua / Alamy Stock Photo

4D printing, a new technology that creates parts that change shape when exposed to stimuli like heat or moisture, could be vulnerable to hackers that infect printers and manipulate parts in malicious ways, security researchers have warned.

3D printers are widely used to build plastic, metal and ceramic parts for everything from aircraft to medical implants. So-called 4D printing isn’t yet widely used in industry, but it uses combinations of materials such as hydrogel filaments that expand by up to 400 per cent in moisture. It is possible to print water valves that shut off automatically once they reach a certain temperature, or a 2D printed sheet that folds itself into a complex 3D shape.

Tuan Le at Rutgers University in New Brunswick, New Jersey, and his colleagues warn that as 4D printing is adopted by mainstream manufacturing, the underlying security should be analysed. They suggest that using it in critical applications, such as aircraft and medical devices, could open the door for malicious attackers to cause “catastrophic failures”.

The researchers claim that a hacker who gains access to a computer designing parts or the printer itself could tweak designs. “The attacker can compromise the controller software that is in charge of the selection of printing materials. This would enable the attacker to implement the attack and embed the smart material in pre-determined spots for delayed activation,” they write in a summary of research they are presenting at the Annual Computer Security Applications Conference, taking place virtually.

For example, aircraft propellers could be altered so that they change pitch angle at a certain temperature, potentially causing a crash. In experiments, a propeller with malicious changes produced 42g of thrust at 25 per cent throttle, while the original design produced 55.8g. Both propellers appeared identical.

Alternatively, face masks could be modified so that when they are cleaned with water, a tiny channel is formed by dissolving material that allows air and viruses to pass through the filter.

To protect against these threats, the researchers say that CT scans can detect manipulations better than existing approaches. In tests, they found that scans lasting 30 minutes could distinguish hacked propellers from benign ones with 94.6 per cent accuracy.

Adrian Bowyer at 3D printing research company RepRap says that similar attacks have been possible for decades on machines that carve metal parts, and that 4D printing is no different. “The digital machines doing that could be attacked in exactly the same way, with similar results,” he says. “Any digitally controlled manufacturing process for a complicated multi-part object is equally susceptible, and has been since the invention of computer numerically controlled machines almost 70 years ago.”

Bowyer says he is unaware of a single such attack in the real world. “When things are made as one-offs for critical applications, they are rigorously tested. This would reveal the attack,” he says. “When things are made in bulk for critical applications, they are randomly sampled and the samples are rigorously tested. This would also reveal the attack. The sensing techniques that they have developed would probably be a lot more useful to tell when a printer had gone wrong, which is a much more likely eventuality than a deliberate attack.”

Eujin Pei at Brunel University London says that tiny changes to printing instructions can change the property of even traditional 3D printed parts, but agrees that the best defence is good quality control. “You need to undergo stringent tests for this type of application,” he says.

More on these topics: