OctoPrint, the open-source control software for 3D printers, has issued a reminder to its users to invest time to properly secure internal services and configure settings after a report from the Internet Storm Center (ISC) which shows the dangers of unsecured interfaces.
The interface, which was developed by Gina Häußge is popular amongst the 3D printing community. It has many uses, including remotely controlling and monitoring 3D printers.
The reason for creating such a guide is because of an article published by the Internet Storm Center (ISC), a group which focuses on online security and the potential disruptive or malicious activity that threatens it.
In the ISC article, a potential attack against an unsecured 3D printer linked to OctoPrint is described. The article was written by Xavier Mertens, Senior ISC Handler. He asks: “So, what can go wrong with this kind of interface? It’s just another unauthenticated access to an online device. Sure but the printer owners could face very bad situations.”
In fact, the article goes on to explain that researchers had found that 3,759 3D printers using OctoPrint could be accessed without any requirement for authentication. As a result, leakage of proprietary IP and trade secrets could be a possibility.
Fortunately, the issues with Octoprint don’t lie with those who are sure they’ve secured the software. In fact, the ISC report explains that, although there are potential issues with using an unsecured Octoprint when using the software in the way in which it was developed, no issues were found.
However, paying attention to the everything the startup wizard in Octoprint recommends suddenly seems even more important. The ISC found that many users disable a security function.
A blog post by Jubaleth emphasizes the importance of proper configuration and outlines a few tips for avoiding risk. For example, ways in which you can access your 3D printer via the software securely, including by setting up a number of plugins or a VPN/reverse proxy.
Jubaleth explains that, whether you’re a beginner or veteran of using Octoprint, plugins are one of the best ways to reduce risk. Although it may seem like extra work to set up a plugin, it’s worth the effort.
Furthermore, by putting Octoprint onto the internet you’re facing “dangerous” consequences. Jubaleth signs out by asking: “Anything with the potential to burn down your house should be treated with the utmost care. It may seem more convenient to cut corners… but is it really worth it?”
If you’re struggling to know where to start with securing your 3D printer, get in touch with the Octoprint community via the forums on the website.
Source: OctoPrint Blog
License: The text of "OctoPrint Publishes Guide to Secure 3D Printing After Concerning Report" by All3DP is licensed under a Creative Commons Attribution 4.0 International License.
Subscribe to updates from All3DP
You are subscribed to updates from All3DP
You can’t subscribe to updates from All3DP. Learn more…