AnyCubic, a 3D printer manufacturer, responded to a zero-day vulnerability that hackers exploited to print security warnings on Kobra 3D printers globally. The flaw, located in the company’s MQTT service API, allowed attackers to send print commands remotely, prompting warnings on affected printers. The researchers’ attempts to notify AnyCubic about the vulnerability by email went unanswered, leading them to publicly exploit the flaw to raise awareness.
In response to the incident, AnyCubic released new firmware for Kobra 2 Pro/Plus/Max 3D printers on March 5th, addressing the zero-day vulnerability. The update aims to strengthen security verification and authorization measures within the MQTT server to prevent similar exploits in the future. Additionally, AnyCubic outlined plans to implement further security measures, including network segmentation and regular audits, in future firmware updates scheduled for March 13th.
Despite the security patch and assurances from AnyCubic, questions linger regarding the company’s initial response to the researchers’ warnings. Concerns have been raised about why the security vulnerabilities, flagged multiple times over two months, were not addressed promptly. While AnyCubic has apologized for the incident and offers guidance on disabling WiFi access for those uncomfortable with cloud services, clarity is still sought regarding the overlooked communications from the security researchers.