Hacked 3D printer

Image: Midjourney

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.

The person behind this incident added a hacked_machine_readme.gcode file to their devices—a file that usually contains 3D printing instructions—alerting the affected users that their printer is impacted by a critical security bug.

This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company's MQTT service API.

The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "is lacking."

"Your machine has a critical vulnerability, posing a significant threat to your security. Immediate action is strongly advised to prevent potential exploitation," the text file reads.

"Feel free to disconnect your printer from the Internet if you don't wanna get hacked by a bad actor. This is just a harmless message. You have not been harmed in any way."

Hacked Anycubic 3D printer
Hacked Anycubic 3D printer (Mr_0verwrite)

"You should blame anycubic for their mqtt server which allows any valid credential to connect and control your printer via the matt API. Let's just hope anycubic fixes their mqtt server."

According to the same text file, 2,934,635 devices downloaded this warning message via the vulnerable API.

Customers who received this warning message are advised to disconnect their printers from the Internet until the company patches the security issue.

Anycubic 3D printer 'hacked' message
Message left on hacked Anycubic 3D printers (lilputman)

Alleged critical Anycubic vulnerabilities

While Anycubic has yet to provide an official statement regarding this incident, some affected customers have shared an anonymous post on a 3D printing-focused online forum from Tuesday warning about two critical vulnerabilities affecting the company's products.

"We have attempted to communicate with Anycubic regarding two critical security vulnerabilities we identified, in particoular one can be catastrophic if found by a malicious. Despite our efforts over the past two months, we have not received a single response to our three emails. These vulnerabilities are significant, and we have invested considerable time and effort into addressing them," the forum post says.

"Despite our initial intention to resolve the issue amicably (and we still hope in it), it appears that our concerns have not been taken seriously by Anycubic. Consequently, we are now preparing to disclose these vulnerabilities to the public along with our repo and our tools."

Anycubic social media representatives are now collecting information (APP account names, CN codes, device logs, and the gcode file) from impacted customers to "diagnose the issue."

The Anycubic app also stopped working hours after the user reports of 3D printers displaying "hacked" messages began surfacing. Users trying to log in are seeing "network unavailable" error messages, as TechCrunch first reported.

Founded in 2015 and located in Shenzhen, China, Anycubic has around 1000 employees and is now one of the most popular 3D printer brands on the market, with the company claiming it sold more than 3 million printers in over 120 countries.

An Anycubic spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Related Articles:

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Lazarus hackers exploited Windows zero-day to gain Kernel privileges

Hackers exploit critical RCE flaw in Bricks WordPress site builder

Mowing down demons: DOOM comes to Husqvarna smart lawnmowers

White House urges devs to switch to memory-safe programming languages