Vulnerabilities and Attacks on CAN-Based 3D Printing/Additive Manufacturing

TL;DR

This paper explores vulnerabilities in CAN-based communication systems used in 3D printing, demonstrating how attackers can manipulate sensor data and system commands, potentially causing unsafe operation.

Contribution

It identifies specific security flaws in CAN protocols within 3D printers and demonstrates practical attack methods, including a spoofing case study on a commercial device.

Findings

CAN vulnerabilities enable undetectable fault injection and packet manipulation

Attackers can control sensor data and commands with a single compromised node

Spoofing attack demonstrated on a commercial 3D printer

Abstract

Recent advancements in 3D-printing/additive manufacturing has brought forth a new interest in the use of Controller Area Network (CAN) for multi-module, plug-and-play bus support for their embedded systems. CAN systems provide a variety of benefits that can outweigh typical conventional wire-loom protocols in many categories. However, implementation of CAN also brings forth vulnerabilities provided by its spoofable, destination-encoded shared communication bus. These vulnerabilities result in undetectable fault injection, packet manipulation, unauthorized packet logging/sniffing, and more. They also provide attackers the capability to manipulate all sensor information, commands, and create unsafe operating conditions using only a single compromised node on the CAN network (bypassing all root-of-trust in the modules). Thus, malicious hardware requires only a connection to the bus for access to all traffic. In this paper, we discuss the effects of repurposed CAN-based attacks capable of manipulating sensor data, overriding systems, and injecting dangerous commands on the Controller Area Network using various entry methods. As a case study, we also showed a spoofing attack on critical data modules within a commercial 3D printer.