Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems.
Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan) of users receiving an unsolicited text file on their Anycubic 3D printers with the file name, “hacked_machine_readme.” The planted text file claims Anycubic has a “critical vulnerability” and warns the user to take action to “prevent potential exploitation.”
The text file reads in part:
“Your machine has a critical vulnerability, posing a significant threat to your security. Immediate action is strongly advised to prevent potential exploitation. Feel free to disconnect your printer from the internet if you don’t wanna get hacked by a bad actor! This is just a harmless message. You have not been harmed in any way.”
The text file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly allows the ability to “connect and control” customer 3D printers that are connected to the internet. MQTT is a popular messaging protocol often used by apps and internet-connected devices for communicating with a company’s back-end servers, in this case Anycubic’s systems.
Anycubic’s app was down at the time of writing when TechCrunch checked. Users trying to log in were met with a “network unavailable” error message.
The person who authored the text file claimed they sent the message to 2.9 million Anycubic 3D printers. Anycubic’s James Ouyang said in a July 2023 interview that his company had three million cumulative sales.
Ouyang did not respond to TechCrunch’s email requesting comment.
“Disconnect your printer from the internet until anycubic patches this issue,” the text file reads.
Read more on TechCrunch:
techcrunch.com