Login
You're viewing the mstdn.social public feed.
  • Jan 18, 2025, 2:57 PM

    Can someone please explain to me why requiring authentication and authorization to control Bambu Labs printers is a bad thing? We see SCADA and other industrial devices getting wrecked all of the time for trusting all input and commands.

    Is it because the authorization is performed by the Bambu Labs cloud and not on the device?

    Are they forbidding or blocking custom firmware that can maintain third-party software support?

    #BambuLab #Bambu #BambuLabs #InfoSec #Firmware #3dPrinting

    💬 3🔄 1⭐ 0

Replies

  • Jan 18, 2025, 3:35 PM

    This thread has some helpful context and links to a Reddit post.

    fosstodon.org/@vordenken/11384

    I'm pausing my usage of my printer and will hold off on the firmware update.

    I still don't see anything clear on if this change requires Internet connectivity or if the authentication and authorization can be performed locally on device/LAN without Internet connectivity.

    I overall agree that this is a bad direction.

    I think that adding security around printer controls is good. But, I don't understand why it was done in a way that blocks third-party tools. This screams "security through obscurity" and DRM. Both are more security theater than actual security. There has to be a better AAA option that also supports third-party software.

    #BambuLab #BambuLabs #3dPrinting #InfoSec

    💬 0🔄 0⭐ 0
  • Jan 18, 2025, 3:27 PM

    @seanm

    Having such a printer, the device handles the auth itself when in LAN-only mode.

    Mine's isolated from everything except for the PC I'm sending gcode from while I'm using it.

    💬 0🔄 0⭐ 0
  • Jan 20, 2025, 7:53 PM

    @seanm a lot of us are deeply suspicious of this behavior, because this is the exact behavior that MakerBot and Flashforge did. Davinci did it as well I think.

    It's a sign your relationships with Bambu is about to really suck

    💬 0🔄 0⭐ 0