Posted on May 5th, 2022
The vast majority of Fused Deposition Modeling (FDM) printers are now equipped with bed heaters to combat warp, which is the curling of material up and off the print bed, causing complete print failure, equipment damage in moderate to significant warp, and quality assurance (QA) issues with low levels of warping. Certain materials are more prone to warping. Unfortunately, these warp prone materials tend to be the highest performance polymers that are critical to advanced manufacturing. In many cases, this class of polymers enables the replacement of components that previously required performance that could only be realized in metals. A common example of an additive material in this class is polyetheretherketone (PEEK). These advantages are not without tradeoffs. Typical costs are about 3000% that of consumer grade 3D printing filament and require specialized hardware that can heat to the extreme temperatures needed to print this difficult feedstock. This problem has numerous solutions ranging from enclosures to block drafts and retain heat, polyetherimide (PEI) print surfaces to increase adhesion, and the theme of this blog post – dedicated bed heaters.
For a deeper understanding of the physics behind warp in Fused Deposition Modeling please watch this video “The Physics of why your 3D Prints Warp, and what to do about it“ from Antalz.
If the quote (~6 minutes) – “practical problems regarding the stepper motor demagnetization” sounds interesting please read our blog post on this theme: exploring cyber intrusion based attacks leveraging this system property.
So how might an adversary or a disgruntled employee wanting to cause headaches for their replacement, enable warp? The default configuration is to use PID logic for both the extruder and the bed heater control. This is a highly accurate and tunable model. Temperature is very stable throughout the print duration and can overcome fluctuations in the ambient temperature such as the AC turning on or the heat dropping at night when operators leave. The other option that is latent in the firmware, depending on your configuration, is called Bang-Bang. This feature is not nearly as precise as the PID control method and assumes optimal default inputs for how often it checks the bed temperature to make adjustments. The Bang-Bang feature and input, BED_CHECK_INTERVAL, are what we will abuse to guarantee part failure in multiple, controllable modes. First, we can play the time check interval against a built-in safety feature meant to prevent fires. This watchdog will act as a digital emergency stop if it sees the bed not responding to a setpoint within a specified timeframe. This is good if the attacker’s goal is to prevent job completion as the primary objective. This will fail a job early into production and sound loud alarm buzzers on the device. A potentially more damaging application of Bang-Bang misuse would be coupled with disabling this safety feature firmware level watchdog. This allows a print job to attempt to print to completion and with the longer duration and many induced temperature cycles a failure will occur that is more damaging to equipment and wasteful of materials. One job run with these settings can take an additive system down for weeks as troubleshooting takes place and specialty parts are shipped.
If you are interested in learning more about securing Additive Manufacturing or a demonstration of BreakPoint Lab’s BISON AM solution capability, please contact us at firstname.lastname@example.org
BISON Thermal History – print run with Bang-Bang enabled. The top lines represent the extruder temperature compared to the setpoint. Notice how stable the extruder is able to maintain temperature, this is using PID control. The bottom two lines represent the heated bed with the bang-bang control mode enabled.
But wait – there’s more bad news!
Another physical property makes this configuration abuse even worse! Bed deflection occurs with the thermal cycling introduced by Bang-Bang. This video clip demonstrates the deflection using default inputs – when the green LED is on that means Bang-Bang has cycled the bed heater on – this is an 80X speed timelapse. Inducing bed deflection combined with a warp prone, temperature sensitive, super polymer is a recipe for disaster! Even worse is the lack of visibility into these errors as it is trivial for an adversary to hijack the signal sent to the HMI to display a stable temperature while this exploit is occurring.
BISON has a unique feature to increase visibility into thermal issue root cause analysis. BreakPoint Labs has developed a technology to capture the transmitted communication, both to and from the device, in near real time and identify these types of scenarios. This will help manufacturing operators and security teams work collaboratively, in one simple to use platform, to determine if anomalous activity is resulting from cyber-saboteurs or simply the company’s HVAC scheduling. Do not allow malicious firmware to derail your production and damage your assets.
If you are interested in learning more about securing AM or a demonstration of the BISON capability, please contact us at email@example.com