Users of a popular 3D printer were recently met with an ominous message on their devices: disconnect the gadget from the internet, or face the consequences. Apparently, the devices carry a severe vulnerability which could be abused in different ways.
Users of the Anycubic 3D printer flocked to Reddit to share their experience of receiving an unsolicited message via their device. The message was named “hacked-machine_readme”, and claimed that the device has a “critical vulnerability”. To “prevent potential exploitation”, the users should disconnect their devices from the internet, the message reads.
“This is just a harmless message. You have not been harmed in any way,” the message concludes.
Three million messages
According to the warning message, the printers carry an unspecified vulnerability in Anycubic’s MQTT service which, apparently, can be used to “connect and control” internet-connected 3D printers. MQTT is described as a “lightweight, publish-subscribe, machine to machine network protocol for message queue/message queuing service”.
It is designed to connect to remote devices with limited network bandwidth, or other constraints (which fits the description of your average IoT device).
“What can be done? Well, I could RM your whole printer but I don’t feel like wasting your prints or filament you have spent real money on,” the message reads. “It is also possible to put a startup script in the printer but I have not done so. Let’s just hope anycubic fixes their MQTT server. Also plz anycubic, make the printer open source.”
The author of the message wrapped it up saying that it was sent to 2.8 million devices.
Anycubic’s website and Twitter account have not mentioned this incident by press time. An administrator on the Reddit forum replied to one of the threads, saying the company was investigating the matter.
Via TechCrunch
