Last week, Bambu Lab notified users of an impending firmware update that will bring a new authorization system to its hardware and disable its network plugin API for third-party software (the popular OrcaSlicer being named), walling off direct 3D printer control from such applications. The announcement was met with community outrage, and many suggestions the move heralds a tightening grip on the closed-source ecosystem.
The update, which Bambu Lab says was made to mitigate “any risk of remote hacks or printer exposure issues that have happened in the past and also lower the risk of abnormal traffic or attacks”, introduced a new integrable application called Bambu Connect intended to bridge control functions that removing the network plugin API will break.
At the time, Bambu Lab said users who prefer not to transition to its new system should remain on older firmware indefinitely. It appears the company has decided to soften that hardline stance, as it now plans to offer an additional option in “Developer Mode”: a LAN-mode exclusive setting that enables an MQTT channel, live stream, and FTP – ostensibly allowing a path for existing control functions in third-party software to continue working.
Bambu Lab’s Head of PR Nadia Yaakoubi confirmed to All3DP that the use of Developer Mode will not affect warranties, but clarified the company will be “unable to provide support for setting up MQTT or other integrations…Troubleshooting assistance is restricted to basic network configurations necessary for LAN mode.”
It’s important to note that operating Bambu Lab 3D printers in LAN Mode disables some features. LAN users are, of course, restricted to starting prints from the local network, and the Bambu Handy app and print history function are unavailable. LAN mode may also result in inferior spaghetti detection, as the system’s machine-learning algorithm will only update with the 3D printer’s firmware.
In an All3DP poll, we found that over 60% of more than 1,300 respondents regularly use third-party tools like OrcaSlicer with their Bambu Lab 3D printers, while about 26% don’t at all. If taken as representative, the response highlights just how important third-party tools are to Bambu Lab users.
There is a notable third option for X-series owners who want to maintain third-party system control: the open-source X1Plus firmware, which Bambu Lab officially allowed in January 2024.
X1Plus adds many features to the Linux-based X-series 3D printers but comes with tradeoffs, too, as opting into the exploitable firmware that makes X1Plus possible also requires users to agree to a waiver of warranty and safety responsibility.
Bambu Lab’s closed-source firmware is already a point of contention within the 3D printing community; something the company acknowledged when it began allowing users to transition to X1Plus:
“We chose to build a closed and proprietary system, understanding this would bring its own set of challenges, including development difficulties and potentially disappointing customers in this DIY-spirited community.
The entire ecosystem, including hardware and software, was designed under the assumption it would be closed, with Bambu Lab having full control over its evolution, except for the slicer, as it used open-source code.”
Bambu Lab has justified the update and authorization system it brings by citing “growing industry security concerns” in a January 18 press release that highlights the company’s Security Incident and Cloud Traffic Report, a wiki article that breaks down what Bambu Lab calls a “persistent and escalating volume of abnormal requests.” In the press release, Bambu Lab says its current system has “several documented vulnerabilities” that its upcoming authorization system is intended to address to protect against unauthorized remote access to motion control systems and heating elements, exploitation of network protocols in cloud and LAN modes, and, crucially, “unauthorized API usage causing infrastructure strain”.
Another affected third-party tool, BigTreeTech’s Panda series Bambu Lab mods, was addressed curtly. Odd, given that Developer Mode would appear to adequately address any concerns over the third-party hardware’s continued functionality.
Bambu Lab has removed the expected January 23 release date for the security update’s stable version from its initial announcement blog; Yaakoubi told All3DP the update may take longer. To read Bambu Lab’s complete response and announcement of Developer Mode, and to see a demonstration of Bambu Connect (which Bambu Lab says “has been carefully designed to minimize disruption to existing user processes”) visit the Bambu Lab blog.
Stay Informed, Save Big, Make More
Get our bi-weekly newsletter for the latest 3D printing news, deals, and guides.
We do not share your information! You can unsubscribe at any time.
By subscribing you agree to our Privacy Policy.
Read more recent news:
License: The text of "Bambu Lab Responds to Security Update Controversy, Promises ‘Developer Mode’" by All3DP is licensed under a Creative Commons Attribution 4.0 International License.