Image Credit: Anycubic
Customers of Anycubic report that their 3D printers have been compromised and are now displaying a warning message about a security vulnerability in the company's systems.
Several threads on the news sharing site Reddit appear similar reports (hat tip to @dan) of users receiving an unwanted text file on their Anycubic 3D printers with the file name "hacked_machine_readme." The text file alleges that Anycubic has "critical vulnerabilities" and warns the user to take action to "prevent potential exploitation."
The text file reads in part:
"Your machine has critical vulnerabilities, posing a significant threat to your security. It is highly recommended to act immediately to prevent potential exploitation. Do not hesitate to disconnect your printer from the internet if you do not want to be breached by a bad actor! This is just a harmless message. You are not harmed in any way."
The text file describes undefined vulnerabilities in Anycubic's MQTT service, which seemingly allows the capability to "connect and control" customers' internet-connected 3D printers. MQTT is a popular messaging protocol often used by applications and devices connected to the internet to communicate with the company's backend servers, in this case, Anycubic's systems.
Anycubic's app was offline at the time of writing when TechCrunch checked. Users attempting to log in encountered an error message stating "network unavailable."
The individual who connected the text file claimed to have sent the message to 2.9 million Anycubic 3D printers. Anycubic's James Ouyang stated in a July 2023 interview that his company had three million cumulative sales.
Ouyang did not respond to TechCrunch's request for comment.
"Disconnect your printer from the internet until cubic fixes this issue," the text file stated.
Read more on TechCrunch:
