How i Hacked An Internet Connected 3D Printer.

Hello everyone, it’s been long time since i last wrote any story for you all. So today i am going to write on ‘how i hacked internet connected 3D printers’. Stay tuned for more hacking fun;)

Facts related to 3D printers:

1. 3D Printing Started in the ‘80s’.

2. 3D printing was primarily used for prototyping, but is now being used for production-ready pieces.

3. You can print in titanium, ceramics, wood, etc!

4. 3D printing is used in marketing by various corporations.

5. Will surpass big records in the industry.

6. They are used in school, colleges for better education trainings.

6 Fascinating Facts You Probably Didn't Know About 3D Printing | The Motley Fool

The Top 7 Weird But Cool Things to 3D Print for Your Home

Big Brands Starting to Use 3D Printing in Creative Marketing Campaigns | AllBusiness.com

3D printing growth accelerates again

These were the facts or advantages of 3D printers. Now, let’s discuss negative side of 3D printing. :(

1. Toxic air emissions.

2. 3D printers are energy hogs.

3. Reliance on plastics.

4. Moving Parts.

5. High Voltages.

For detailed reports visit these websites:

The dark side of 3D printing: 10 things to watch

3D Printing - The Risks For Manufacturers

WARNING - How Safe is Your Desktop 3D Printer?

Toward the Printed World: Additive Manufacturing and Implications for National Security

Now, let us move forward to the main content for which we all are here ;)

So today while surfing different blogs and finding information about various IoT devices i came across a search query that returns internet connected 3D printers that are publicly accessible. Few of them were having current printing job in progress while others were idle. The search query i used was: title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944

Shodan search query returned results

I instantly opened few of the returned search results and messed up with on going printing jobs. Once instance is here:

Home page of OctoPrint internet connected 3D printers

This printer was located in U.S.A and was printing a 3D model of a chariot. From a attacker’s point of view one cause a lot of damage to this asset which can cause quite a lot of Dollars to recover the printer in proper working stage. I won’t discuss them all here for obvious reasons.

1. Modify printing activity: One can pause, cancel or slow down the current printing job and delay printing or change the end output of the model.
2. Breaking down printer: Attacker can change fan speed, temperature which may result in printer getting over heated and chances of catching fire.

3. Clearing intrusion traces: Attacker can delete activity traces and time lapses to prevent any suspicion.

4. Data Leak: Attacker can download source codes for model. This can be a bad incident if the printer is printing something that if gone in wrong hands may not result in a good work. Ex- College projects, samples getting leaked, etc.

5. Modify login control: A successful intrusion may result in admin panel login and other printer securities changed.

You could cause a lot of damage if you have successfully hacked a 3D printer.

Printer status reading

Now, let’s move forward to last topic of our story. Securing internet connected 3D printers.

Securing internet connected 3D printers:

1. Pick good password for login.

2. Secure your WiFi network.

3. Use a stand alone firewall.

4. Keep your device up to date with latest firmware updates.

8 tips to secure those IoT devices

Risk assessment:

The security issues 3D printing should solve before going mainstream - Help Net Security

This story is not detailed as IoT hacking and counter measures but still this much information should be enough to make people understand of the threats IoT devices are receiving continuously.

Closing Note:

Unfortunately, a clear IoT standard has yet to emerge, and it is difficult to say if any consensus is in sight.