Security Analysis of Networked 3D Printers

Networked 3D printers are an emerging trend in manufacturing. However, many have poor security controls, allowing attackers to cause physical hazards, create defective safety-critical parts, steal proprietary data, and halt costly operations. Prior work has given limited attention to identifying if a network attacker is able to achieve these goals. In this work, we present C3PO, an open-source network security analysis tool that systematically identifies security threats to networked 3D printers. C3PO's design is guided by industry standards and best practices, identifying potential vulnerabilities in data transfer, the printing application, availability, and exposed network services. Furthermore, C3PO analyzes how a network deployment impacts a 3D printer's security, such as an attacker compromising an IoT camera in order to send malicious commands to a networked 3D printer. We use C3PO to analyze 13 networked 3D printers and 5 real-world manufacturing network deployments. We identified 8 types of network security vulnerabilities such as a susceptibility to low-rate denial of service attacks, the transmission of unencrypted data, and publicly accessible network deployments.