3D printer users say their devices were hacked to warn of a security flaw
Benevolent hacker is warning of a 3D printer vulnerability
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Users of a popular3D printerwere recently met with an ominous message on their devices: disconnect the gadget from the internet, or face the consequences. Apparently, the devices carry a severe vulnerability which could be abused in different ways.
Users of the Anycubic 3D printer flocked to Reddit to share their experience of receiving an unsolicited message via their device. The message was named “hacked-machine_readme”, and claimed that the device has a “critical vulnerability”. To “prevent potential exploitation”, the users should disconnect their devices from the internet, the message reads.
“This is just a harmless message. You have not been harmed in any way,” the message concludes.
Three million messages
According to the warning message, the printers carry an unspecified vulnerability in Anycubic’s MQTT service which, apparently, can be used to “connect and control” internet-connected 3D printers. MQTT isdescribedas a “lightweight, publish-subscribe, machine to machine network protocol for message queue/message queuing service”.
It is designed to connect to remote devices with limited network bandwidth, or other constraints (which fits the description of your average IoT device).
“What can be done? Well, I could RM your whole printer but I don’t feel like wasting your prints or filament you have spent real money on,” the message reads. “It is also possible to put a startup script in the printer but I have not done so. Let’s just hope anycubic fixes their MQTT server. Also plz anycubic, make the printer open source.”
The author of the message wrapped it up saying that it was sent to 2.8 million devices.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Anycubic’s website and Twitter account have not mentioned this incident by press time. An administrator on the Reddit forum replied to one of the threads, saying the company was investigating the matter.
ViaTechCrunch
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Dangerous Android banking malware looks to trick victims with fake money transfers
Sophos Firewall hack on government network used an all-new custom malware
Watch out, Nvidia - new benchmarks suggest Apple M4 Ultra could beat the mighty RTX 4090
