Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

3D printer users say their devices were hacked to warn of a security flaw

A digital padlock on a blue digital background.

Users of a popular 3D printer were recently met with an ominous message on their devices: disconnect the gadget from the internet, or face the consequences. Apparently, the devices carry a severe vulnerability which could be abused in different ways.

Users of the Anycubic 3D printer flocked to Reddit to share their experience of receiving an unsolicited message via their device. The message was named “hacked-machine_readme”, and claimed that the device has a “critical vulnerability”. To “prevent potential exploitation”, the users should disconnect their devices from the internet, the message reads. 

“This is just a harmless message. You have not been harmed in any way,” the message concludes.

Three million messages

According to the warning message, the printers carry an unspecified vulnerability in Anycubic’s MQTT service which, apparently, can be used to “connect and control” internet-connected 3D printers. MQTT is described as a “lightweight, publish-subscribe, machine to machine network protocol for message queue/message queuing service”. 

It is designed to connect to remote devices with limited network bandwidth, or other constraints (which fits the description of your average IoT device).

“What can be done? Well, I could RM your whole printer but I don't feel like wasting your prints or filament you have spent real money on,” the message reads. “It is also possible to put a startup script in the printer but I have not done so. Let's just hope anycubic fixes their MQTT server. Also plz anycubic, make the printer open source.”

The author of the message wrapped it up saying that it was sent to 2.8 million devices.

Anycubic’s website and Twitter account have not mentioned this incident by press time. An administrator on the Reddit forum replied to one of the threads, saying the company was investigating the matter.

Via TechCrunch

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.