Update – March 1, 2024: Anycubic has now released an official statement regarding the vulnerability on its blog. Users can expect updated firmware by March 5, it says.

On February 27, an Anycubic vulnerability was brought to the attention of some Anycubic Kobra 2 Pro owners when users reported a file named “hacked_machine_readme.gcode” had appeared on machines connected to the Anycubic Cloud online service.

The file, according to Redditor r/lilputman_, warns users of an MQTT server vulnerability “which allows any valid credential to connect and control your printer via the MQTT API.” The message also notes that “293 463,5” printers tried to receive the message. We advise affected users not to open the file.

When reached for comment, Anycubic responded: “The issue resulted from someone hijacking devices to remotely issue commands. We have strengthened protective measures against this potential risk.” The company says it has taken measures to “encrypt and upgrade” its server and has developed a monitoring program that has, so far, “not observed any malicious files being printed through official servers.” It does note, however, that the file users have received is automatically executed unless a printing task is already underway.

“A strange file” (Source: r/lilputman_ via Reddit)

A new firmware is under development that Anycubic says will “enhance security measures”, adding that the file received can be safely deleted “with no further risk”.

Sparse information available from a variety of online communities seems to suggest the vulnerability has been known for some time, with failed attempts to bring it to Anycubic’s attention.

“It appears that our concerns have not been taken seriously by Anycubic”, reads a comment on the Klipper forum – also from February 27 – that notes three emails sent to Anycubic about the vulnerability received no response. “Consequently, we are now preparing to disclose these vulnerabilities to the public along with our repo and our tools.”

It is unclear if the commenter is responsible for the “hacked_machine” message.

All3DP recommends disconnecting affected devices, or any devices connected to Anycubic Cloud, from the internet until updated firmware becomes available. The posts that initially brought the matter to All3DP’s attention, and that ostensibly shared the “hacked_machine” file contents, can be found on Reddit and in related online communities.
