Anycubic 3D printers hacked in bold attempt to inform owners of security hole

According to users of the subreddit for Anycubic 3D printers, a very significant exploit has been uncovered by hackers — though fortunately, they only seem to be using it to leave a message drawing attention to the issue. As noted by Bleeping Computer, users are being pointed toward a readme file on the display of their 3D printer that alerts them of the security issue and advises them to disconnect it from the Internet until a patch is released that actually fixes the problem.

Unfortunately, it seems like this has been an issue for quite some time. According to a forum post cited by BC on the matter, users “have attempted to communicate with Anycubic regarding two critical security vulnerabilities we identified, in particular one can be found catastrophic if found by a malicious (party). Despite our efforts over the past two months, we have not received a single response.”

Those same users (potentially our very same hackers), then said “Consequently, we are now preparing to disclose these vulnerabilities to the public along with our repo and our tools.” Some hours after the hacked messages warning of the issue started to appear, Anycubic’s app stopped working due to a “network unavailable” error message, which may have been caused by this issue.

A few Anycubic printers make our own roundup of the best 3D printers, and the company has considerable market share. According to Bleeping Computer, the company has around 1,000 employees and is one of the most popular brands on the market, with more than 3 million 3D printers sold if Anycubic’s claims are to be believed.

Regardless of sales success, though, it seems pretty important that Anycubic take care of this quickly. 3D printers are expensive machines, and according to the hacked message left, the exploit could effectively be used to “rm (presumably Unix “rm”, or remove files) your whole printer” or place a startup script inside of it. 

Fortunately, the people on the hacking end of this issue only sought to draw users’ attention to it; a malicious party could have been actively exploiting this for months without drawing anybody’s attention, if they so pleased.

Update, Feb. 29, 2024, 1:35 p.m. ET: This article previously said Anycubic wasn’t on our list of the best 3D printers. This was incorrect and has been updated. We regret the error.