Picture Credit: Anycubic
Anycubic prospects are reporting that their 3D printers have been hacked and now show a message warning of an alleged safety flaw within the firm’s techniques.
Quite a few threads on information sharing web site Reddit show similar reports (hat tip to @dan) of customers receiving an unsolicited textual content file on their Anycubic 3D printers with the file identify “hacked_machine_readme.” The planted textual content file claims Anycubic has a “critical vulnerability” and warns the consumer to take motion to “prevent potential exploitation.”
The textual content file reads partially:
Your machine has a vital vulnerability, posing a big menace to your safety. Quick motion is strongly suggested to forestall potential exploitation. Be happy to disconnect your printer from the web in case you don’t wanna get hacked by a foul actor! That is only a innocent message. You haven’t been harmed in any means.
The textual content file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly permits the power to “connect and control” buyer 3D printers which can be related to the web. MQTT is a well-liked messaging protocol typically utilized by apps and internet-connected gadgets for speaking with an organization’s back-end servers, on this case Anycubic’s techniques.
Anycubic’s app was down on the time of writing when TechCrunch checked. Customers making an attempt to log in had been met with a “network unavailable” error message.
The one who authored the textual content file claimed they despatched the message to 2.9 million Anycubic 3D printers. Anycubic’s James Ouyang stated in a July 2023 interview that his firm had 3 million cumulative gross sales.
Ouyang didn’t reply to TechCrunch’s e-mail requesting remark.
“Disconnect your printer from the internet until anycubic patches this issue,” the textual content file reads.
Are you aware extra concerning the Anycubic incident? You’ll be able to contact Zack Whittaker on Sign and WhatsApp at +1 646-755-8849, or by email. You can also contact us by way of SecureDrop.
Learn extra on TechCrunch:
