What happened with Anycubic 3D printers?

An unknown actor hacked into Anycubic 3D printers worldwide, placing a 'hacked_machine_readme.gcode' file on the devices to warn users about a critical security vulnerability. This flaw in Anycubic's MQTT service API could potentially allow attackers to take control of the printers remotely.

What does the hacker recommend to Anycubic users?

The hacker's message suggests that users disconnect their printers from the internet as a temporary safeguard and criticizes Anycubic for its closed-source approach, urging the company to open-source their software to address security inadequacies.

How many devices were affected by this warning?

The hacker's message claimed that approximately 2,934,635 devices received this warning, though this number can't be independently confirmed.

Incident

Anycubic 3D printers hacked to warn of a security flaw

Q: Has Anycubic acknowledged the incident?

As of the latest information, Anycubic has yet to formally acknowledge the incident or provide detailed guidance to its users on safeguarding their devices against this exploited vulnerability.

published: Feb. 28, 2024

Take action: It's obvious that Anycubic 3D printers can be hacked. Best action is to disconnect your 3D printer from the internet and if possible use it only in a local environment without access to the internet. Patch is available as of 5th of March 2024. As a second option, have it powered off and only activate it and connect to internet when printing. This should somewhat reduce risk, although very cumbersome and not ideal.

Learn More

Anycubic, a leading 3D printer manufacturer, has been the subject of a cybersecurity warning after customers reported unauthorized access to their devices. An unknown actor hacked into Anycubic 3D printers worldwide, placing a "hacked_machine_readme.gcode" file on the devices. This file, typically used for 3D printing instructions, served as a warning to users about a critical security vulnerability within their printers. It warned of a flaw in Anycubic's MQTT service API, which could potentially allow attackers to take control of the printers remotely.

The hacker's message suggest that users disconnect their printers from the internet as a temporary safeguard. Moreover, the message criticized Anycubic for its closed-source approach, urging the company to open-source their software to address the security inadequacies.

The message claimed that approximately 2,934,635 devices received this warning, which can't be confirmed but is a warning of potentially massive scale of the exposure. Anycubic has initiated an information collection effort from affected customers, including APP account names, CN codes, device logs, and the compromised gcode file, to investigate the issue further. This incident has also led to temporary disruptions in Anycubic's app services, with users facing "network unavailable" error messages when attempting to log in.

Update - AnyCubic, addressed the vulnerability affecting its Kobra 2 Pro/Plus/Max models by releasing new firmware on March 5th. The company communicated that it has now enhanced the security protocols surrounding verification and authorization/permission management within its MQTT server to mitigate potential risks.

Despite the widespread impact of this incident, Anycubic has not yet released an official statement addressing the vulnerability or the steps being taken to mitigate the risks. Anycubic has yet to formally acknowledge the incident or provide detailed guidance to its users on safeguarding their devices against this exploited vulnerability.

Anycubic 3D printers hacked to warn of a security flaw