
When we think of Cyber attacks, images of software applications being hacked into, passwords being stolen from databases, and our personal information and data being stolen from servers very often come to mind.

However, Cyber attacks go far beyond this, such as with Ransomware and BEC (Business Email Compromise).  But now, there is a new angle that the Cyber attacker is taking:  taking your printer hostage.  Yes, your printer.

I am not exactly sure how it all works, but this morning I came across a news headline which basically stated that there were literally thousands of 3D printers that were compromised, but the hole here was discovered rather quickly:

There was no password required in order to gain remote access to these servers.  So duh, that is how the Cyber attacker was able to gain entry to them.

Apparently, OctoPrint, which is an open-source web interface for 3D printers that many manufacturers embed in their printers, has offered up numerous ways in which to secure a remote access connection to a 3D printer, without putting it on the public internet for anyone to abuse.

But, this web interface has had certain security issues with it, and researchers at the SANS Institute were the first to point them out.  The exact details of this finding can be seen at this link:

https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/

As can be seen, the biggest security flaw has been the ability to access these printers without the need for specific authentication, even after the end user has actually set up a password in order to restrict access.  The ability to hijack one of these remote printers can have devastating consequences, such as the following:

*Cyber-based espionage;

*The theft of confidential company documents and related Intellectual Property that pertains to Research and Development;

*Overheating the printer to the point where it can start a fire and even have the potential to burn down an entire building;

*Changing the item to be printed to something else much more dangerous, like a 3D-printed gun or rifle;

*Even spying on people via the embedded webcam monitoring feature.

There were also Cyber-breached 3D printers around the world, in the United Kingdom, France, Germany, and Canada.  In response to these attacks, the vendor of this web interface, OctoPrint, even provided online documentation as to how these Cyber threats can be mitigated.  Their response can be seen at this link:

https://octoprint.org/blog/2018/09/03/safe-remote-access/

OctoPrint even went on to point out that it is the fault of the end user for leaving their 3D printer exposed on the “Public Internet” by circumventing the security features that have been offered to them.  They specifically stated the following:

“Putting OctoPrint onto the public internet is a terrible idea, and I really can’t emphasize that enough. Let’s think about this for a moment, or two, or even three. OctoPrint is connected to a printer, complete with motors and heaters. If some hacker somewhere wanted to do some damage, they could.”  (SOURCE:  https://www.csoonline.com/article/3303562/security/over-3700-exposed-3d-printers-open-to-remote-attackers.html).

My thoughts on this?

To be honest, this is the first time I have even heard about a printer being hijacked by a Cyber attacker and being used for devastating purposes. The part that scares me is the overheating of it, and how it can start a fire rapidly. Obviously, this is not the case with a personal inkjet printer.  A 3D printer is a large-scale, heavy industrial printer.

I used to work with one in my previous jobs, and these things are gargantuan. I can see how this thing could easily start a fire with overheated motors.  The other scary part for me about this is how a Cyber attacker can steal confidential information from the printer.

This means that business entities such as mechanical contractors, architects, graphic designers, etc. are all at risk for having their diagrams heisted and used for illegal purposes.

This is an area that I will keep a close eye on, and post anything on it that I feel is relevant.  Again, I just want to reiterate that this kind of Cyber attack, based on what I read, does not impact personal printers, so don’t worry about that.  Just keep your computers updated.

For the technical details on how this Cyber attack specifically works, click on this link below:

https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/