Thousands of misconfigured 3D printers on interwebz run risk of sabotage

Security controls aren't there to just look pretty, you know

Internet-connected 3D printers are at risk of being tampered with or even sabotaged because users fail to apply security controls, a researcher has warned.

Xavier Mertens, a senior handler for the SANS Internet Storm Center (ISC) and freelance cybersecurity consultant, found more than 3,700 3D printers directly connected to the internet.

"These printers are controlled using the open source software package 'OctoPrint' but it's likely there are other tools that are similarly affected. OctoPrint is not meant to be exposed in this way, and it explains in its documentation how to deploy the software in a safe way," Mertens explained.

OctoPrint is a web interface for 3D printers that allows users to control and monitor the printer. As things stand, many OctoPrint instances are not properly configured and do not enforce authentication, according to Martens. Once they have access to the printer, an attacker would be able to download the files that describe parts being printed.

Some of these G-code files may be proprietary, copyrighted or contain trade secrets. An attacker would also be able to swap out these files, replacing them with files that describe similar parts that are "weakened" to produce substandard or unsafe parts.

In response to questions from The Register, an OctoPrint dev emphasised the need for user education.

"This really has nothing to do with 'lack of security controls', the controls (e.g. ACL) are there, it's been recommended over and over again that users should NOT just port forward! The problem here is users going out of their way to expose internal services on the public net.

"There's no way to prevent people from exposing internal services on the net. I try to educate, I'm working on yet another prominent warning, but I can't force people to perform proper (and inconvenient) network security."

3D printers are used to make anything from toys to medical components so if a part's dimensions were meddled with, it could have serious safety implications.

"The problem is not related to the printer, rather if OctoPrint is incorrectly configured and left open on the internet," Mertens told El Reg. In addition, some printers do not have safety switches to prevent them from overheating, which means an attacker could attempt to start a fire by uploading a malicious file.

Mertens said both 3D printers and the files for parts being printed can be protected by ensuring network segmentation; enabling the security controls provided by the tool; and other access controls.

More on his thoughts on the subject can be found in an ISC blog post here. ®

Similar topics

Other stories you might like

  • What if ransomware evolved to hit IoT in the enterprise?
    Proof-of-concept lab work demos potential future threat

    Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.

    The security firm's Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology (OT) systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment.

    In other words: a complete albeit theoretical corporate nightmare.

    Continue reading
  • AMD refreshes Ryzen Embedded line with R2000 series
    The target? Thin clients and industrial devices – with new SoC family running up to 4 independent displays

    Embedded World AMD is bringing to market a new generation of Ryzen chips for embedded apps promising more CPU cores, enhanced built-in graphics and expanded I/O connectivity to drive kit such as IoT devices and thin clients.

    Crucially, AMD plans to make the R2000 Series available for up to 10 years, providing OEM customers with a long-lifecycle support roadmap. This is an important aspect for components in embedded systems, which may be operating in situ for longer periods than the typical three to five-year lifecycle of corporate laptops and servers.

    The Ryzen Embedded R2000 Series is AMD's second-generation of mid-range system-on-chip (SoC) processors that combine CPU cores plus Radeon graphics, and target a range of embedded systems such as industrial and robotic hardware, machine vision, IoT and thin client devices. The first, R1000, came out in 2019.

    Continue reading
  • DeadBolt ransomware takes another shot at QNAP storage
    Keep boxes updated and protected to avoid a NAS-ty shock

    QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.

    The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor's users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

    The previous attacks occurred in January, March, and May.

    Continue reading

Biting the hand that feeds IT © 1998–2022