Users of a popular 3D printer recently encountered an ominous message on their devices: disconnect the device from the Internet or face the consequences. Apparently, the devices carry a serious vulnerability that could be abused in different ways.
Anycubic 3D printer users flocked to Reddit to share their experience of receiving an unsolicited message through their device. The message was called “hacked-machine_readme” and stated that the device has a “critical vulnerability.” To “avoid potential exploitation,” users should disconnect their devices from the Internet, the message says.
“This is just a harmless message. He has not suffered any damage,” the message concludes.
Three million messages
According to the warning message, the printers have an unspecified vulnerability in Anycubic's MQTT service that can apparently be used to “connect and control” 3D printers connected to the Internet. MQTT is described as a “lightweight, publish-subscribe, machine-to-machine network protocol for message queuing/message queuing service.”
It is designed to connect to remote devices with limited network bandwidth or other limitations (which fits the description of an average IoT device).
“What can be done? Well, I could RM your entire printer, but I don't feel like wasting your prints or the filament you spent real money on,” the message says. “It's also possible to put a startup script in the printer but I haven't. Let's hope anycubic fixes their MQTT server. Also please anycubic, make the printer open source.”
The author of the message concluded by saying that it was sent to 2.8 million devices.
As of publication, neither the Anycubic website nor the company's Twitter account has mentioned the incident. A Reddit forum administrator responded to one of the threads saying that the company was looking into the matter.
Via TechCrunch