Anycubic Quickly Resolves Security Incident Involving Unexpected GCODE File on 3D Printers

Mysterious message contained in an Anycubic GCODE file [Source: Reddit]

Anycubic seems to have resolved a curious security incident with their 3D printers.

Last week reports emerged of Anycubic 3D printer operators suddenly seeing a mysterious GCODE file appear on their equipment. The file, entitled “hacked_machine_readme.gcode”, caused some anxiety among users that were affected by this sudden appearance.

Some were afraid to open the file, as they feared it might cause some damage. However, this proved untrue, as the entire operation seems to be a dramatic way to inform Anycubic of a server issue.

Some brave Anycubic operators opened the file and saw what was inside. One, Reddit contributor lilputman_ did so and found this text:

Evidently the problem was quickly resolved by Anycubic. They apparently received an email from someone indicating there was a security hole in the company’s MQTT server. MQTT is a lightweight IoT protocol for machine to machine communication, used by Anycubic for their cloud service.

Not even a day later, multiple Anycubic operators began receiving the mysterious file on their equipment. Anycubic estimates that up to 2000 operators could have received the message file.

Anycubic’s software team investigated the incident and determined that the machines had received an unsolicited instruction to download a .TXT file from a third party server. This was then renamed to “hacked_machine_readme.gcode”.

Anycubic has already made these changes:

Strengthened the security verification steps of the cloud server
Strengthened authorization/permission management in the cloud server
Currently improving the security verification of firmware (new firmware will be available on the official website by March 5th.)

And they also plan to do the following in short order:

Implementing network segmentation measures to restrict external access to services
Conducting regularly audits and updates for systems, software, and the MQTT server

They also recommend that anyone seeing the file to simply delete it and keep going. Machines that have not received the file are good to go.

In the end this was a harmless incident that Anycubic repaired quickly. However, the security flaw was serious and it might have been possible for a bad actor to take advantage of it. For now, however, it seems that Anycubic equipment remains safe.

Via Anycubic and Reddit

By Kerry Stevenson

Kerry Stevenson, aka "General Fabb" has written over 8,000 stories on 3D printing at Fabbaloo since he launched the venture in 2007, with an intention to promote and grow the incredible technology of 3D printing across the world. So far, it seems to be working!

View all of Kerry Stevenson's posts.

Leave a comment Cancel reply

Who’s The Biggest In 3D Printing, April 28, 2024

Cómo la impresión 3D puede ayudar a impulsar el boom petrolero de América del Sur

How 3D Printing can Help Fuel the South America Oil Boom

Rice University Students Develop Affordable Metal 3D Printer Prototype Using Cold-Spray Technology

Virginia Tech Researchers Aim to Revolutionize Wind Turbine Sustainability Through 3D Printing

Book of the Week: Hit Makers

Ultimaker Cura’s Secret Lightning Infill Really Works!

We All Lose Sanjay Mortimer

Design of the Week: Massive Articulated Dragon

What Is Klipper, And Should You Use It?

Chasing The Elusive Safe 3D Printer Resin

8 Reasons Why You Should Not Buy A Home 3D Printer

What Might We Expect To See In The Prusa MK4? Part 1

The Highest-Temperature 3D Printer Filament?

1.75 vs 2.85mm Filament Showdown