Security Analysis of Networked 3D Printers and their Deployments (CMU-CyLab-20-001)

Networked 3D printers are an emerging trend, enabling agile manufacturing. However, they are simultaneously increasing the security threats to manufacturing by creating new ways for attackers to cause physical hazards, steal proprietary data, create defective parts, or halt operations. Prior work has given limited attention to the security implications of adding these machines to a network. In this work, we present C3PO, an open-source network security analysis toolfor systematically identifying security threats to networked 3D printers. C3PO’s design is guided by industry standards and best practices. It identifies potential vulnerabilities in data transfer, the printing application, availability, and exposed network services. Furthermore, C3PO analyzes the security implications of a 3D printer’s network deployment, such as an attacker compromising a camera to modify printing instructions “on-the-wire.” We use C3PO to analyze 13 networked 3D printers and 5 realworld manufacturing network deployments. We identified 33 network security trends in networked 3D printers such as a susceptibility to low-rate denial of service attacks (all 13), transmitting unencrypted data (12/13), and being deployed on publicly accessible networks (2/5). We leverage these findings to provide recommendations on securing networked 3D printers and their deployments.