Home / / 3D printers being left open to the web

3D printers being left open to the web

SANS researcher warns that 3D printers can easily be accessed by unauthorised users

3D printers being left open to the web
3D printers could be hijacked to burnout or create flawed components.

Many 3D printers are being left open to the internet, creating a possible security risk.

According to a blog post by Xavier Mertens, a senior handler for the SANS Internet Storm Center (ISC) and a freelance cyber security consultant, a large number of print interfaces for 3D printers are web facing, but are being left open without any access control.

Mertens said that a simple search showed 3,700 instances of the popular OctoPrint 3D printing web interface exposed without access control or authentication requirements. Octoprint controls all aspects of monitoring and output of a 3D printer.

The owners of these 3D printers could face bad consequences, Mertens added. One of the most common file formats for 3D objects is G Code, which is not encrypted. Mertens said this could mean a hacker with access to an unsecured 3D printer could easily download and ‘steal' the IP contained in a G Code file. This is particularly important considering that many 3D printers are used to create prototype devices by R&D departments.

Other possible abuses of G Code files include unauthorized uploading of malicious files that have been designed to push a 3D printer past its safe temperature limits, or using G Code files that have been amended to create deliberately-flawed 3D parts with the aim of causing a malfunction of the device. With 3D printed parts increasingly used in the workplace and in uses like drones, the potential for malfunction

Mertens points out that access control is available in OctoPrint, but is commonly switched off, adding that 3D printer owners need to be more careful of their devices.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.