Counterfeit handbags and toys were just the beginning. Now hackers want to forge 3D-printed products. Can they be stopped?
“Cybersecurity is a cat-and-mouse game.”
An estimated $220 million of U.S. currency is counterfeit. By comparison, according to the OECD, about 2.5 percent of goods, or $461 billion, are fake.
When it comes to counterfeiting, the usual items come to mind: handbags, clothing, toys, and money.
Indeed, the ease of counterfeiting currency with 2D inkjet printing led one Secret Service agent to lament forgery as a “lost art.”
But now that 3D printing is increasingly used to produce goods ranging from airplane parts to fine art, a whole new market is ripe for fakery.
“Counterfeiting is a much smarter market to be in than, say, cocaine or heroin because, by and large, you and I aren’t going to buy cocaine and heroin,” says Sharon Flank, CEO of InfraTrac, a company dedicated to the battle against fraudulent 3D-printed products.
Flank took up the forgery fight when it became clear that traditional protective measures—such as holograms or laser etching — were losing their luster against the arsenal of the modern faker, who is increasingly adept at replicating such protections.
“Overt measures, the things you see, are very reassuring to the customer and in general utterly ineffective,” she says.
By contrast, Flank’s anti-piracy system uses full-spectrum spectroscopy to scan for a chemical fingerprint using light.
A pocket spectrometer bounces light through the object, detecting the fingerprint and checking it against the manufacturer’s database.
“Think about 3D printing as a sandwich, with bread in layers,” Flank says. “We sneak a little bit of jelly in under the last piece of bread.”
This extra “jelly” doesn’t cover the entire layer, just a little spot. And it’s hidden below the surface during the standard 3D fabrication process.
For a 3D printer using two materials — for example, ABS and PLA filaments or inks — the jelly might involve using PLA in a region where only ABS is common.
InfraTrac’s method requires the manufacturer to use more than one material to create a fingerprint that is embedded within the digital design file.
The fingerprint is stored in a database, and the object can then be scanned and validated at any point further down the supply chain.
Securing the digital supply chain
Consumer products are one thing, but what about 3D-printed parts for wind turbines, industrial robots or cars?
As additive manufacturing becomes more prevalent in the manufacturing industry, part legitimacy is a real concern.
For example, imagine a future when automakers have digitized their entire parts catalogs.
Instead of ordering hard-to-find parts, any garage (with the proper advanced manufacturing technology) could print and fit that same part while the customer waits.
This sounds appealing in terms of saving time for consumers, but without adequate fraud protection, automakers have little incentive to make such a digital library available.
The aftermarket for auto parts is already sizable at $318.2 billion, and attempts by the automotive industry to prevent off-brand replication have failed.
Here, a system like InfraTrac’s could be the needed foil for counterfeiters. Engines are already highly dependent upon computers for operation.
So as costs fall and technology continues to shrink in size, a version of InfraTrac’s technology incorporated into a car’s operating system might verify legitimately purchased and locally printed digital files.
At present, InfraTrac is working with customers in the aerospace, automotive, medical, and defense industries.
Counterfeiting not for profit
3D printing may be at the core of the next industrial revolution (aka Industry 4.0), but susceptibility to hacking is one distinct barrier to the technology reaching full industrialization.
Manufacturers must be able to trace parts, such as the critical components for aircraft or medical devices, and prevent the use of counterfeit parts — but they must also be impervious to cyberattacks on design and process integrity.
Several weak points, or attack vectors, should be considered to ensure resiliency.
For example, industrial control systems (ICS) monitor and control industrial processing.
Within Industry 4.0, 3D printers are increasingly likely to be connected to this network, and hacking these systems is way easier than it should be.
In his recent talk, industrial cybersecurity professional Brad Hegrat describes it this way: “It’s like picking on the small kid at kindergarten.
It’s real easy to do, but if you’ve got a soul, you’ll probably feel bad about it afterwards.”
Materials scientist and New York University Engineering professor Nikhil Gupta, working with NYU’s cybersecurity group, has ideas to shore up these systems.
“We’re looking at what can go wrong,” he says. “Malicious and deliberate modification of the print orientation or the introduction of defects are two possible attacks which may have devastating impact.”
The severity of those impacts, of course, depends on where the parts would be used (in an aircraft engine, for example).
Manufacturers currently use nondestructive testing (NDT) — including ultrasonic testing and CT scans — of critical components to identify such flaws before their impact reaches any magnitude.
“But small defects may be introduced into the part which cannot be detected by typical NDT inspection,” Gupta warns.
This would mean having control of both the design file and printing parameters, as changes in settings like power or temperature can result in flawed components.
“Cybersecurity is a cat-and-mouse game,” says Gupta, who suggests that the manufacturing industry look to the financial-services world for lessons on how to improve resilience.
In a worst-case scenario, systems should assume the network is already breached and build in authentication between core components — for example, between the material and printer, or the design file and finished item.
Made to be broken
This mind-set occasionally overlaps with an active sector of the 3D-printing community, which naturally includes hackers.
And this highlights an important issue: Hackers see any method of protecting something as a challenge.
When it comes to cracks, the race to break software copy protection on the first day of release receives the 0-day moniker.
This is a badge of pride in the warez, or unauthorized release (read: piracy), community.
But InfraTrac may just be the technology to stop 3D-printing hacker pirates.
“The near-infinite number of choices of taggants,” Flank says, coupled with the complexity of peanut-butter-and-jelly combos, means that fakery is a nigh on impossible feat.
3D printing may not be an integral part of most people’s lives — or most manufacturing processes, for that matter—yet.
But given the pace of progress and the noted ability of some to use technology maliciously, one threat may trump all others: complacency.
*Images courtesy of Redshift
This article originally appeared on Autodesk’s Redshift, a site dedicated to inspiring designers and creators.
Every morning, wake up to the blog that gives you the latest trends shaping tomorrow.