Image Credits: Anycubic
Anycubic customers are reporting that their 3D printers have been hacked and are now displaying a message warning of an alleged security flaw in the company’s systems.
Numerous threads on the news sharing site Reddit projection similar References (hat tip to @dan) of users receiving an unsolicited text file on Anycubic 3D printers with the filename “hacked_machine_readme”. The planted text file claims that Anycubic has a “critical vulnerability” and warns the user to take steps to “prevent potential exploitation.”
The text file reads in part:
Your machine has a critical vulnerability that poses a significant threat to your security. Immediate action is strongly recommended to prevent possible exploitation. Feel free to disconnect your printer from the internet if you don’t want to be hacked by a bad actor! This is just a harmless message. You are not hurt in any way.
The text file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly allows the ability to “connect and control” internet-connected client 3D printers. MQTT is a popular messaging protocol often used by Internet-connected applications and devices to communicate with a company’s back-end servers, in this case Anycubic’s systems.
Anycubic’s app was down at the time of writing when TechCrunch checked. Users trying to connect encountered a “network unavailable” error message.
The person who wrote the text file claimed to have sent the message to 2.9 million Anycubic 3D printers. said Anycubic’s James Ouyang in a July 2023 interview that his company had 3 million cumulative sales.
Ouyang said in an email to TechCrunch: “We are investigating very carefully. There will be an official announcement very soon,” but did not comment further.
“Disconnect your printer from the Internet until anycubic fixes this issue,” the text file states.
Do you know more about the Anycubic incident? Zack Whittaker can be reached on Signal and WhatsApp at +1 646-755-8849 or via email. You can also contact us via SecureDrop.
Updated with response from Ouyang.
Read more at TechCrunch:
