Image: Midjourney
Someone hacked their 3D printers to warn them against attacks, according to a wave of online reports from Anycubic customers.
A hacked_machine_readme was added by the person responsible for this incident. A critical security bug has been discovered in a device’s gcode file, which typically contains 3D printing instructions, alerting the affected users that their printer has been affected by a critical bug.
Potential attackers allegedly use the company’s MQTT service API to control any Anycubic 3D printers that are affected by this vulnerability.
Anycubic is required to open-source their 3D printers because the company’s software “is lacking,” according to the file received by the impacted devices.
” Your computer has a significant security threat because of its critical vulnerability.” The text file contains a call for immediate action to stop potential exploitation.
If you do n’t want to be hacked by a bad actor, feel free to disconnect your printer from the Internet. Simply put, this is a harmless message. You have received no harm in any way.
Anycubic should blame their mqtt server, which enables any valid credential to connect to and manage your printer via the Matt API. Hope Anycubic fixes their mqtt server.
Using the vulnerable API, 2, 934, 635 devices downloaded this warning message, according to the same text file.
Customers who received this warning should wait until the company fixes the security issue before disconnecting their printers from the Internet.
Anycubic vulnerabilities are allegedly critical.
Some affected customers posted an anonymous message on a 3D printing-focused online forum on Tuesday warning about two crucial vulnerabilities affecting the company’s products, though Anycubic has yet to release an official statement regarding this incident.
Two crucial security flaws have been identified in our attempts to communicate with Anycubic, one of which can be fatal if discovered by a malicious. We have n’t received a single response to any of our three emails despite our efforts over the past two months. We have put a lot of time and effort into addressing these flaws, according to the forum post.
It appears that Anycubic has not taken our concerns seriously, despite our initial efforts to resolve the problem amicably ( and we still hope in it ). We are now preparing to release these vulnerabilities along with our repo and our tools to the general public as a result.
To “diagnose the issue,” Anycubic social media representatives are currently gathering information from impacted customers ( APP account names, CN codes, device logs, and the gcode file ).
After user complaints of 3D printers displaying “hacked” messages began to surface, the Anycubic app’s working hours were also ended. As TechCrunch first reported, users are seeing “network unavailable” error messages when attempting to log in.
Anycubic, a company that was established in Shenzhen, China in 2015, claims to have sold more than 3 million printers worldwide and is now one of the most well-known 3D printer brands.
When BleepingComputer reached them earlier today, an Anycubic spokesperson was unavailable for comment.