Goal Zero Firmware Inverter Exploitation – Disrupting AM with a UPS
Posted on March 10th, 2023
Can 3D print operations be disrupted by an upstream exploit? In this blog we explore how an alternative energy solution for powering AM equipment can be exploited to disrupt manufacturing operations. We also run a second round of Hollywood hack fact-checking, covering Mr. Robot and the battery exploitation that was based on this event. Below is an additive machine being powered by a Goal Zero lithium battery. The overlays show the digital data streams these connected devices output, as well as a common security problem with smart devices – default credentials that are easily obtained with a simple Google search, leaving the door open for further exploitation.
Blue Arrow = demonstrating the problem of default credentials in connected devices.
Green Arrow = AM data stream that is typically offline but can be networked with a print server.
Gray Arrow = Physical button that toggles the 110V inverter on / off. The phone app interface allows remote control of this button.
Red Arrow = Digital readout of the physical battery status panel. This can indicate battery state (standby, operating, charging, discharging).
In previous blog topics we have demonstrated the potential to ransomware a non-network-connected AM device by firmware modification. Many OT manufacturing assets have firmware that most people are not even aware of, causing blind spots in companies' cyber asset libraries (even individual servo motors have firmware). This is also the case with backup power equipment. A recent real-world example is TLStorm, but Hollywood has taken an interest in cyber-physical hacking as well. In the Mr. Robot season 2 finale (eps2.9_pyth0n-pt2.p7z) a UPS is subject to firmware modification. See this “fact-checking” article from the technical advisors for that episode here.
Applying a firmware modification to a Goal Zero lithium battery can be used to disrupt additive manufacturing operations. To cause maximum disruption, a randomized timer can be implemented to toggle the inverter on / off (gray arrow). The inverter is responsible for converting the stored 12V power to usable 110V power. There are inefficiencies in this conversion, and having the inverter powered on causes parasitic drain even when it is not actively outputting 110V power – hence the need to turn this feature off when not in use. When the inverter is toggled off maliciously, the printer will power off in an unsafe manner. This not only causes an environmental hazard and damage to manufacturing equipment but can also be a huge human resource drain. Operators unaware of the cyber nature of an upstream exploited asset will focus troubleshooting efforts on the AM device itself, which in reality does not need maintenance because it is not the source of the error.
Reviewing the last commands sent in the BISON platform can help identify this as a power interruption and not a printer issue. With this visibility, a machine operator will be clued in to the true source of the manufacturing disruption. From there, additional troubleshooting steps can be taken, such as setting up a camera on the Goal Zero to monitor for inverter “blips.”
If you are interested in learning more about securing AM or a demonstration of the BISON capability, please contact us at firstname.lastname@example.org