Click For Photo: https://www.3ders.org/images2018/nearly-3800-3d-printers-were-left-exposed-to-attacks-1.png
Nearly 3,800 3D printers are being left open without any access control or authentication requirements, according to a blog post by Xavier Mertens and Richard Porter, two security researchers from the SANS Internet Storm Center (ISC).
The exposed 3D printers are using an open-source project named OctoPrint. It is a web interface for 3D printers that allows you to easily control and monitor your 3D printer and 3D print jobs from virtually any browser on your network. The software has offered makers everywhere an effective way to keep track of their prints, whether or not they are standing in front of their 3D printers. It can read G-code files, view the webcam feed, see the printer status and the terminal output, etc. But, without the need of authentication, it means that random attackers can also modify a printer's settings.
Attackers - G-code - Project - Files - Printer
Attackers can download the unencrypted G-code project files, which tell the printer what to print. "G-code files can be downloaded and lead to potentially trade secret data leak," wrote the researchers. "Indeed, many companies R&D departments are using 3D printers to develop and test some pieces of their future product.”
Porter and Mertens also argue that an anonymous person could send a malicious G-code file to the printer and instruct to print it while nobody is around and potentially cause fires. Other possible abuses of G-code files include unauthorized access to a 3D printer's webcam which can affect the remote user privacy, or using G-code files that have been modified to sabotage the...
Wake Up To Breaking News!