Security researchers at the SANS Internet Storm Center discovered that thousands of 3D printers are exposed online without proper defense.
The news is worrisome, thousands of 3D printers are exposed online to remote cyber attacks. According to the experts at SANS Internet Storm Center that scanned the internet for vulnerable 3D printers, a Shodan query has found more than 3,700 instances of OctoPrint interfaces exposed online, most in the United States (1,600).
The OctoPrint is a free and open source web interface for 3D printers that could be used to remotely monitor and control the devices.
Users can control print jobs through the interface, unauthorized accesses could be used for malicious activities, including sabotage and cyber espionage.
“So, what can go wrong with this kind of interface? It’s just another unauthenticated access to an online device. Sure but the printer owners could face very bad situations.” reads the analysis published by the experts.
“The interface allows downloading the 3D objects loaded in the printer. Those objects are in G-code format. To make it simple, G-code is a language in which people tell computerized machine tools how to make something. G-code files are simple text files and are not encrypted:”
Experts warn that G-code files can be downloaded and manipulated by attackers for sabotage or and lead to potentially trade secret data leak.
“Indeed, many companies R&D departments are using 3D printers to develop and test some pieces of their future product.” continues the experts.
“Worse, what if the attacker downloads a G-code file, alters it and re-upload it. Be changing the G-code instructions, you will instruct the device to print the object but the altered one won’t have the same physical capabilities and could be a potential danger once used.” concludes the experts.
“Think about 3D-printer guns but also 3D-printed objects used in drones. Drone owners are big fans of self-printed hardware.”
Experts highlighted that 3D printers could be also used to start a fire given the high temperatures during printing operations. Attackers can also abuse the monitoring feature that uses an embedded webcam can be accessed remotely.
The OctoPrint development team recommends enabling the Access Control feature to avoid that anyone can remotely gain full control over the printer and urges the implementation of additional measures to secure the 3D printers if remote access is required.
“If you plan to have your OctoPrint instance accessible over the internet, always enable Access Control and ideally don’t make it accessible to everyone over the internet but instead use a VPN or at the very least HTTP basic authentication on a layer above OctoPrint,” states the OctoPrint documentation.