FLAW3D: A Trojan-based Cyber Attack on the Physical Outcomes of Additive Manufacturing
This work addresses a critical security risk for digital manufacturing, specifically for users of over 100 commercial 3D printer models, by exposing how cyber attacks can physically compromise product quality.
The researchers tackled the cybersecurity vulnerability of additive manufacturing systems by designing a malicious Trojan for AVR-based 3D printers, demonstrating that it can hide from detection and reduce tensile strengths by up to 50% in printed parts.
Additive Manufacturing (AM) systems such as 3D printers use inexpensive microcontrollers that rarely feature cybersecurity defenses. This is a risk, especially given the rising threat landscape within the larger digital manufacturing domain. In this work we demonstrate this risk by presenting the design and study of a malicious Trojan (the FLAW3D bootloader) for AVR-based Marlin-compatible 3D printers (>100 commercial models). We show that the Trojan can hide from programming tools, and even within tight design constraints (less than 1.7 kilobytes in size), it can compromise the quality of additively manufactured prints and reduce tensile strengths by up to 50%.