Carnegie Mellon Researchers Develop Tool to Protect Networked 3D Printers

All devices that are connected to the internet — either directly or through a network with a device that does have access — have the potential to be attacked. But 3D printers pose a unique risk, as they are rarely given the same level of security as computers are, and they can be used in dangerous ways. For instance, it’s possible for an attacker to setup a situation that could potentially cause a fire. It is, however, still beneficial to network your 3D printers so you can monitor and control them remotely. That’s why researchers from Carnegie Mellon University have developed a tool to protect networked 3D printers.

The tool they developed is called C3PO (Connected 3D Printer Observer), and it’s designed to find security vulnerabilities among 3D printers. Aside from physical hazards like fires, those vulnerabilities pose financial risks to corporations that utilize networked 3D printers. Attackers can steal valuable intellectual property or simply make the printers inoperable in order to tie up resources. The conclusion is undeniable: 3D printers should be secured just as well as any other computer or device on a network. C3PO can help infosec professionals do exactly that.

C3PO does that by identifying two important security factors: vulnerabilities present with a specific 3D printer model or add-on, and the attack vectors that could be potentially used to exploit those vulnerabilities. For example, you might use AstroPrint with a webcam to monitor a 3D printer. C3PO will determine if the software or webcam have any vulnerabilities. If either does, it will then find any attack vectors that allow that vulnerability to be exploited through your network. This gives you the opportunity to take the appropriate actions to secure your 3D printer. C3PO was tested on eight unique 3D printers, and all were found to be vulnerable to DoS (Denial of Service) attacks. The researchers haven’t said if C3PO will be sold any time soon, but its development is certainly important.