Hey all :slight_smile:

A few months back my colleagues at ERNW (an IT security specialist company) recently had a quick look at the security of cloud-based 3d-printer gadgets like @OctoPrint . It was surprisingly easy to find and sneak into other people’s living rooms via the webcam feature, control their printers, etc.

I described the findings (readable for non IT-guys) here: 3D-Printers in the Cloud – Insinuator.net

To sum it up:

  • Please don’t just connect your 3D-printer to the Internet, without thinking about its security
  • Use strong passwords (or a password at all!)
  • Configure your firewall restrictively (or find somebody to help with it :))

Take care & happy printing everybody :slight_smile:
Flo

PS: Thanks to the genius OctoPrint dev @foosel for quickly fixing those weak spots.

Wow, thanks for the mention ^^ and the link to the http://3drucken.ch blog! Can’t wait to get a copy of your signed book.

@Florian_Horsch_flouS is there a directory of networked cloud printers? I’d like to upload designs for printing nearby when my 3d Matterform scanner arrives.

@Gregor_Luetolf , totally forgot to “+” you in the original post - sorry. Didn’t I tell you that we had a look into your living room in Skype? Jeez… I’m a bit confused after having spent so much time on the 3d-printing book. SORRY! BTW: You get a free copy from the publisher. Stay tuned.

@Charlotte_Pierce : With @OctoPrint there isn’t (at least on purpose). What you’re talking about sounds more like http://3dhubs.com - this is a really awesome place to send print requests to your neighbourhood. Currently plenty of cities are unlocked… where are you based?

@foosel has always recommended not opening an @OctoPrint host up to the unfiltered internet.

@Florian_Horsch_flouS I’m in the Boston area, Massachusetts USA. I’m sure there’s a fablab or maybe @Art_Asylum has such a service, come to think of it.

@Jason_Gullickson yeah, I did. I somehow should have known better than to depend on people following good advice :wink:

@Jason_Gullickson & @foosel : Just to state that again - no offence towards Gina. It’s really about the users not knowing what they’re doing or even not caring about the risks. In the blog post there’s a section where I credit Gina for her fast response and changes to the code.

With great code comes great responsibility I guess :wink:

@Florian_Horsch_flouS never took it that way, no worries :slight_smile:

I mentioned it @Florian_Horsch_flouS only to make it clear that these security issues were not due to ignorance but conscious design decisions by @foosel to focus on more useful (and probably more interesting) problems and features than chasing the endless tail of security :slight_smile:

I was using @OctoPrint to print objects remotely during presentations from far. No time to focus on security first. Also believing in the good and would not have thought of someone using access to play games.

@Gregor_Luetolf understandable. Sadly though, believing in the good when it comes to computer systems is a really bad idea, there are just too many a**holes out there who get a kick out of f*cking with other people’s stuff. Let’s just be happy that nothing serious happened and hopefully shouldn’t in the future now that ACLs are somewhat enforced and people are getting more sensibilized :slight_smile:

Consider using a VPN @Gregor_Luetolf , that way you can focus on securing one thing instead of making sure everything you own is ready to be naked on the internet :slight_smile:

@Jason_Gullickson I’d better do that right now, because I won’t understand why people are doing things like this in my lifetime.

@Gregor_Luetolf because they can :slight_smile: And in the end it’s all about money, power and fame I guess.

@Florian_Horsch_flouS Didn’t want to think that it’s so sick, but will have to learn that this is just the case.