Anycubic prospects are reporting that their 3D printers have been hacked and now show a message warning of an alleged safety flaw within the firm’s programs.
Quite a few threads on information sharing web site Reddit present comparable studies (hat tip to @dan) of customers receiving an unsolicited textual content file on their Anycubic 3D printers with the file title, “hacked_machine_readme.” The planted textual content file claims Anycubic has a “vital vulnerability” and warns the person to take motion to “forestall potential exploitation.”
The textual content file reads partially:
“Your machine has a vital vulnerability, posing a big menace to your safety. Fast motion is strongly suggested to forestall potential exploitation. Be happy to disconnect your printer from the web if you happen to don’t wanna get hacked by a nasty actor! That is only a innocent message. You haven’t been harmed in any approach.”
The textual content file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly permits the flexibility to “join and management” buyer 3D printers which are linked to the web. MQTT is a well-liked messaging protocol usually utilized by apps and internet-connected gadgets for speaking with an organization’s back-end servers, on this case Anycubic’s programs.
Anycubic’s app was down on the time of writing when TechCrunch checked. Customers attempting to log in have been met with a “community unavailable” error message.
The one who authored the textual content file claimed they despatched the message to 2.9 million Anycubic 3D printers. Anycubic’s James Ouyang stated in a July 2023 interview that his firm had three million cumulative gross sales.
Ouyang didn’t reply to TechCrunch’s electronic mail requesting remark.
“Disconnect your printer from the web till anycubic patches this situation,” the textual content file reads.
Learn extra on TechCrunch: