Do you’ve an Anycubic Kobra 2 Professional/Plus/Max 3D printer? Do you know it has a safety vulnerability?
In case you answered “sure” to each these questions, then chances are high that I can guess simply how you came upon your 3D printer was weak to hackers.
My guess is that you simply may need learnt about the issue after seeing an odd message displayed in your system, claiming that it had been hacked.
As a number of posts on Reddit affirm, homeowners of the 3D printers have had an uncommon message pop up on their gadgets.
The message comprises ASCII artwork of a worm and claims to be “innocent” – however warns of a “important vulnerability” within the printer, posing a “important risk”. It advises affected customers to disconnect their printer from the web to keep away from being hacked.
Within the message, somebody calling themselves “printer god” bemoans Anycubic’s lax safety and warns {that a} malicious assault might have brought on injury.
The warning message within the file hacked_machine_readme.gcode may be safely deleted from the printer’s display or USB drive. The creator claims to have despatched it to over 2.9 million weak printers.
The hack appears to be related to a submit in an internet discussion board earlier this week by a consumer referred to as “Dump”. “Dump” claimed to have tried to speak with Anycubic for 2 months about “two important safety vulnerabilities” – with one described as “catastrophic if discovered to be malicious.”
Anycubic has now confirmed the existence of a “safety difficulty”, which it claims was “brought on by a 3rd social gathering utilizing a safety vulnerability of the MQTT server to entry customers’ printers.”
Anycubic says that it’s enhancing its cloud server safety and can launch new firmware to customers on March 5, 2024.
This is not the primary time that printers have been hijacked by safety vulnerabilities to unfold messages. For example, in 2018, hundreds of printers had been seized to print out a message selling PewDiePie’s YouTube channel.