AnyCubic fixes exploited 3D printer zero-day flaw with new firmware

March 7, 2024 at 11:12AM

AnyCubic addressed a zero-day vulnerability by releasing new Kobra 2 firmware, fixing an exploit that printed security warnings on 3D printers worldwide. The company strengthened security measures and plans to implement further updates. Despite apologizing for the incident, AnyCubic has not explained the previous lack of response to security researchers’ emails.

Key takeaways are as follows:
– AnyCubic released new Kobra 2 firmware to address the zero-day vulnerability that was exploited to display security warnings on 3D printers globally.
– At the end of February, users reported that their Kobra 3D printers had been hacked with a print job warning about a critical vulnerability.
– The vulnerability allowed attackers to abuse insecure permissions in the company’s MQTT service API to send commands to the printer.
– The attackers were able to queue a G-code file containing a warning message about the critical vulnerability, leading to concerns about printer security.
– Security researchers attempted to alert AnyCubic about these vulnerabilities through emails but received no response, prompting them to publicly highlight the issue.
– AnyCubic released new firmware on March 5th, addressing the zero-day vulnerability by strengthening security verification and authorization/permission management in its MQTT server.
– They also outlined future security measures and provided steps for those concerned about their printers accessing AnyCubic’s cloud service.
– AnyCubic apologized for the incident but did not clarify why the security researchers’ emails were ignored.

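The takeaways above attribute the flaw to insecure permissions in the MQTT service API and the fix to stronger authorization/permission management. The following sketch of a per-device topic check is an added example, not AnyCubic's code: the topic layout `printers/<device_id>/cmd`, the ACL lists and the function names are assumptions, and only the `+`/`#` wildcard semantics come from the MQTT specification.

```python
import re

# Hypothetical ACLs: (action, topic filter template). Not AnyCubic's real topics.
WEAK_ACL = [("publish", "printers/#")]  # any authenticated client, any printer
SCOPED_ACL = [("publish", "printers/{device_id}/cmd"),
              ("subscribe", "printers/{device_id}/status")]

SAFE_ID = re.compile(r"[A-Za-z0-9_-]+")  # no '/', '+' or '#' inside an identity


def topic_matches(filt, topic):
    """MQTT topic filter match: '+' is one level, '#' is all remaining levels."""
    f_parts, t_parts = filt.split("/"), topic.split("/")
    # Topics starting with '$' never match a filter that starts with a wildcard.
    if topic.startswith("$") and f_parts[0] in ("+", "#"):
        return False
    for i, f in enumerate(f_parts):
        if f == "#":
            return i == len(f_parts) - 1  # '#' is only valid as the last level
        if i >= len(t_parts) or (f != "+" and f != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


def is_allowed(acl, device_id, action, topic):
    """device_id must come from the authenticated session, never the message."""
    if not SAFE_ID.fullmatch(device_id):
        return False  # keeps wildcard characters out of the expanded filter
    if action == "publish" and ("+" in topic or "#" in topic):
        return False  # wildcards are illegal in a PUBLISH topic name
    return any(act == action and
               topic_matches(tmpl.replace("{device_id}", device_id), topic)
               for act, tmpl in acl)


if __name__ == "__main__":
    # Constructed requests: a session bound to printer-A touching A's and B's topics.
    requests = [("publish", "printers/printer-A/cmd"),
                ("publish", "printers/printer-B/cmd"),
                ("subscribe", "printers/+/status")]
    for action, topic in requests:
        print(f"{action:9} {topic:24} "
              f"weak={is_allowed(WEAK_ACL, 'printer-A', action, topic)} "
              f"scoped={is_allowed(SCOPED_ACL, 'printer-A', action, topic)}")
```

A requested subscription filter is compared as a literal string here, so a wildcard subscription is denied unless a rule explicitly covers it.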
