It sounds improbable, and very scary, but it’s conceivable that a hacker can compromise a 3D printer, override temperature safety constraints, and potentially cause the device to actually catch fire.
As spotted by The Register, this is the worrying claim put forward in a blog post by security firm CoalFire, which leveraged an exploit against a FlashForge Finder, a popular 3D printer aimed at home and classroom use.
Note that CoalFire makes it clear that the Finder is not an insecure device, but rather the issues it has are more of a general security oversight with 3D printers, and that this model is “probably safer and more secure than most similar competing devices”.
The FlashForge printer was chosen as a target for the security company purely due to its popularity (it is competitively priced) and widespread nature, rather than anything to do with security, save for the fact that owners are likely to be families and kids who may not be very tech-savvy or security conscious.
At any rate, the Finder receives new firmware via Wi-Fi, and that firmware update process can potentially be hijacked and the printer flashed to remove the temperature safety limits on the heating elements.
The blog post explains: “In the Finder’s case, its max temperature is only 240 degrees Celsius. By reverse engineering the firmware with the new open-source NSA disassembler Ghidra, an attacker would be able to remove that temperature constraint.”
The printer could then catch fire. Bear in mind that actually hijacking the device in such a way is not an easy task by any means, but it is certainly possible.
The attacker would have to be on the same Wi-Fi network as the 3D printer and be able to spoof the public firmware repository that the device gets its updates from. They would host the malicious firmware at the spoofed address, and it would reach the machine the next time the user updates (so obviously that would be a waiting game).
Alternatively, CoalFire describes another method which works because the Finder comes with port 8899 open (with no authentication), as follows:
- Find a FlashForge Finder 3D printer via Shodan search engine
- Connect to port 8899 (no authentication) via netcat
- Echo G-Code commands to the port to heat to max temperature and move the extruder head to the cheap, soft plastic edges of the printing bed
- Molten plastic would then begin to drip all around the printer just waiting to encounter a flammable material and start combustion
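A defender's check for the exposure described above, as an added example (not code from the article or from CoalFire): it scans firewall logs for accepted TCP connections to port 8899 from hosts that are not approved to control the printer, and separates LAN hosts from internet sources. The log format, LAN range, addresses and function names are constructed for this example.

```python
import ipaddress

PRINTER_PORT = 8899  # unauthenticated control port named in the article
# Assumptions for this example: the LAN range and the one host allowed to drive the printer.
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_CLIENTS = {ipaddress.ip_address("192.168.1.10")}

# Constructed sample firewall log lines (key=value format invented for this example).
SAMPLE_LOG = """\
2020-01-10T09:01:02 action=accept proto=tcp src=192.168.1.10 dst=192.168.1.50 dport=8899
2020-01-10T09:03:40 action=accept proto=tcp src=192.168.1.77 dst=192.168.1.50 dport=8899
2020-01-10T09:05:11 action=accept proto=tcp src=203.0.113.9 dst=192.168.1.50 dport=8899
2020-01-10T09:06:00 action=drop proto=tcp src=203.0.113.9 dst=192.168.1.50 dport=8899
2020-01-10T09:07:30 action=accept proto=tcp src=192.168.1.77 dst=192.168.1.50 dport=443
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, fields dict), or None if the line is not in the expected shape."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"action", "proto", "src", "dst", "dport"} <= fields.keys():
        return None
    return parts[0], fields

def find_printer_port_access(log_text):
    """Flag accepted TCP connections to the printer port from hosts not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not parse rather than failing the whole run
        ts, f = parsed
        if f["action"] != "accept" or f["proto"] != "tcp" or f["dport"] != str(PRINTER_PORT):
            continue
        try:
            src = ipaddress.ip_address(f["src"])
        except ValueError:
            continue  # source field is not a valid IP address
        if src in ALLOWED_CLIENTS:
            continue
        # A source outside the LAN means the port is reachable from the internet.
        severity = "lan-unauthorised" if src in LAN else "external-exposure"
        findings.append((ts, str(src), f["dst"], severity))
    return findings

if __name__ == "__main__":
    for finding in find_printer_port_access(SAMPLE_LOG):
        print(*finding)
```

Any `external-exposure` finding means the printer's control port is reachable from outside the home or classroom network and should be blocked at the router.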
Check out the blog post for a full description of the techniques involved.