Anycubic seems to have resolved a curious security incident with their 3D printers.
Last week reports emerged of Anycubic 3D printer operators suddenly seeing a mysterious GCODE file appear on their equipment. The file, entitled “hacked_machine_readme.gcode”, caused some anxiety among users that were affected by this sudden appearance.
Some were afraid to open the file, as they feared it might cause some damage. However, this proved untrue, as the entire operation seems to be a dramatic way to inform Anycubic of a server issue.
Some brave Anycubic operators opened the file and saw what was inside. One, Reddit contributor lilputman_ did so and found this text:
Evidently the problem was quickly resolved by Anycubic. They apparently received an email from someone indicating there was a security hole in the company’s MQTT server. MQTT is a lightweight IoT protocol for machine to machine communication, used by Anycubic for their cloud service.
Not even a day later, multiple Anycubic operators began receiving the mysterious file on their equipment. Anycubic estimates that up to 2000 operators could have received the message file.
Anycubic’s software team investigated the incident and determined that the machines had received an unsolicited instruction to download a .TXT file from a third party server. This was then renamed to “hacked_machine_readme.gcode”.
Anycubic has already made these changes:
- Strengthened the security verification steps of the cloud server
- Strengthened authorization/permission management in the cloud server
- Currently improving the security verification of firmware (new firmware will be available on the official website by March 5th.)
And they also plan to do the following in short order:
- Implementing network segmentation measures to restrict external access to services
- Conducting regularly audits and updates for systems, software, and the MQTT server
They also recommend that anyone seeing the file to simply delete it and keep going. Machines that have not received the file are good to go.
In the end this was a harmless incident that Anycubic repaired quickly. However, the security flaw was serious and it might have been possible for a bad actor to take advantage of it. For now, however, it seems that Anycubic equipment remains safe.