Someone is hacking 3D printers to warn owners of a security flaw

Do you have an Anycubic Kobra 2 Pro/Plus/Max 3D printer?  Did you know it has a security vulnerability?

If you answered "yes" to both those questions, then chances are that I can guess just how you found out your 3D printer was vulnerable to hackers.

My bet is that you might have learnt about the problem after seeing a strange message displayed on your device, claiming that it had been hacked.

As multiple posts on Reddit confirm, owners of the 3D printers have had an unusual message pop up on their devices.

The message contains ASCII art of a worm and claims to be "harmless" - but warns of a "critical vulnerability" in the printer, posing a “significant threat”. It advises affected users to disconnect their printer from the internet to avoid being hacked.

In the message, someone calling themselves "printer god" bemoans Anycubic's lax security and warns that a malicious attack could have caused damage.

The warning message in the file hacked_machine_readme.gcode can be safely deleted from the printer's screen or USB drive.  The author claims to have sent it to over 2.9 million vulnerable printers.

The hack seems to be connected to a post in an online forum earlier this week by a user called "Dump".  “Dump” claimed to have tried to communicate with Anycubic for two months about "two critical security vulnerabilities" - with one described as "catastrophic if found to be malicious."

Anycubic has now confirmed the existence of a "security issue", which it claims was "caused by a third party using a security vulnerability of the MQTT server to access users' printers."

Anycubic says that it is enhancing its cloud server security and will release new firmware to users on March 5, 2024.

This isn't the first time that printers have been hijacked through security vulnerabilities to spread messages. For instance, in 2018, thousands of printers were seized to print out a message promoting PewDiePie's YouTube channel.