Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire.
Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.
The latest breakthrough – causing a printer to start smoking and hanging out with the bad kids – comes a few months after Coalfire first started poking about with the devices' update processes.
Coalfire used NSA tool Ghidra to help it crack the printer and its firmware, though its technique for deploying modified firmware requires the malicious person to be connected to the same network as the target device. Less scary, perhaps, than randomly discovering one day that your 3D printer has become a pyromaniac.
"We wanted to do a project showing the real life physical dangers inherent in attaching all these home appliances to the internet," Coalfire senior researcher Dan McInerney told The Register. "It's fascinating to me that strokes on a keyboard can literally kill people in this day and age. As a side bonus, I can now threaten to flambé my 3D printer-owning friends."
As McInerney pointed out in a series of detailed blog posts (and incendiary video) for Coalfire, some models of Flashforge 3D printer allow downloading and installation of firmware updates over the internet. "The Flashforge Finder comes with port 8899 open with no authentication, which appears to be relatively common among IoT 3D printers," McInerney wrote. "This port takes G-Code commands for performing actions such as increasing the temperature, extruding plastic, and moving the heated extruder tip around."
Having man-in-the-middle'd a sample printer through ARP (Address Resolution Protocol) spoofing and obtained the firmware by tapping "update" on the device's own touchscreen, Coalfire set about rooting the device, eventually uncovering a password of "sz1234567" after following tips from a Reddit post.
Once the printer and its firmware were within Coalfire's control, researchers set about fiddling with variables to see whether they could achieve their goal: raising the temperature of the 3D printer head, which relies on melting plastic feedstock to form the printed item, to dangerously high levels.
While there was code preventing the printer head from exceeding 261°C (501.8°F), Coalfire claimed it was able to bypass it: close analysis of the firmware in Ghidra helped the researchers identify the key variable controlling the thermal cutoff temperature.
Most worryingly, the tampered firmware could be flashed to a new printer that would start overheating the printer head as soon as the device was powered on, Coalfire claimed.
"In the case of the FlashForge Finder II the temperature readings in the UI start going haywire with the modified firmware but this could easily be fixed with some more firmware tinkering," explained McInerney.
"The way it works in our modifications is you just turn the printer on and it immediately starts heating up without any way of cooling down unless you turn it off; you don't actually have to give the printer any instructions to heat up. You can still tell it to print things and it'll function normally besides the UI screen giving nonsense readings of the current temperature which makes it a little insidious."
Flashforge has been asked for comment.
McInerney suggested that manufacturers should look at signing their firmware.
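What that signing recommendation looks like on the device side, as an added example that is neither Coalfire's nor Flashforge's code: a hypothetical update container format (an assumption, not the real one) and an updater routine that verifies an Ed25519 signature with a vendor public key baked into the printer and refuses rollbacks, so an image altered in transit by the ARP-spoofing MITM described above is rejected before anything is written to flash.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)
// Hypothetical container layout (an assumption, not Flashforge's format):
// "FWUP" | version (4 bytes, big-endian) | payload | Ed25519 signature (64 bytes)
var magic = []byte("FWUP")
// PackUpdate builds a signed container; this runs only in the vendor's signing environment.
func PackUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(magic)
	binary.Write(&buf, binary.BigEndian, version)
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes())) // signature covers magic, version and payload
	return buf.Bytes()
}
// VerifyUpdate is what the printer-side updater should do before writing anything to flash:
// check the signature with the vendor public key baked into the device, then refuse rollbacks.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, container []byte) ([]byte, uint32, error) {
	hdr := len(magic) + 4
	if len(container) < hdr+ed25519.SignatureSize || !bytes.HasPrefix(container, magic) {
		return nil, 0, errors.New("malformed update container")
	}
	cut := len(container) - ed25519.SignatureSize
	if !ed25519.Verify(pub, container[:cut], container[cut:]) {
		return nil, 0, errors.New("signature verification failed") // altered in transit or wrong key
	}
	version := binary.BigEndian.Uint32(container[len(magic):hdr])
	if version <= installed {
		return nil, 0, errors.New("update is not newer than installed firmware")
	}
	return container[hdr:cut], version, nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := PackUpdate(priv, 2, []byte("constructed sample image")) // constructed, not a real image
	_, v, err := VerifyUpdate(pub, 1, good)
	fmt.Println("genuine update: version", v, "err:", err)
	bad := append([]byte(nil), good...)
	bad[len(magic)+4] ^= 0xff // flip one payload byte; the signature no longer matches
	_, _, err = VerifyUpdate(pub, 1, bad)
	fmt.Println("tampered update: err:", err)
}
```

The same check also stops an update signed with any key other than the vendor's, which is the point: the attacker on the local network can still serve a file, but cannot produce a signature the printer will accept.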
A couple of years ago scientific researchers published a paper calling for more research into the effect of 3D printers on indoor air quality, saying that some devices increased dust and chemical emission levels to a point that caused them concern. Happier, more innocent days. ®