
Bambu lab X1-Carbon – the flipside

November 23rd, 2022

First look at the Bambu X1-Carbon with AMS


The Bambu Lab X1-Carbon with AMS (Automatic Material System) is a very good and very fast 3D printer with all the automatic features you can dream of and a bit more. If you search YouTube, you’ll find countless videos about it and how awesome it is and so on. But as always, there’s the flipside…

Some minor issues first, which can be mostly ignored

– Noise! The printer’s stepper drivers are noisy. That the rest of the printer also makes a lot of noise is understandable given the speed it’s running at, but we’ve had TMC2209 drivers for a long time now, and those are very silent indeed. Bambu has chosen to use their own drivers, possibly because of price or availability.

– The hotend thermistor is the same glass bead type as used by Creality and many others. These work well, but only until they break. When they do, they usually break the thin single-filament wires going the last 2cm or so into the glass bead. Since these are aluminium wires, they are practically impossible to fix, so you’ll need to get a new thermistor. This could have been avoided with a barrel-type thermistor. I don’t know what sort of thermistor the bed uses, but it wouldn’t surprise me if it were the same.

– The hotend and nozzle are integrated, so the number of nozzles available is greatly reduced. As far as I know, there is no way to use high-flow nozzles like those from 3dsolex and Bondtech CHT (which are licensed from 3dsolex, who holds the patent for these). They are, however, decently priced, unless you compare them to the dollar-a-dozen packs from China.

Now to a worse one, which I find harder to ignore

When I ran an nmap sweep of the printer, I found it listening on ports 21 and 3000. The former is FTP and the latter is unknown (pptp?). FTP made me wonder. I connected with an FTP client and could verify it was a vsFTP server, a popular FTP server on *nix platforms. BambuStudio uses FTP and MQTT (the latter also cleartext) to communicate with the printer when in LAN mode. An attacker can pick up the username and password easily, log in and download videos and other files, and also delete these from the printer. She may also (possibly, not tested) inject MQTT, which is used to control everything, which is worse. The FTP protocol is really outdated and has been for 10+ years. FTPS (that is, FTP with SSL/TLS) is an alternative, but impossible to use over NAT. SFTP (SSH’s FTP version) is well proven and secure. The same applies to HTTPS. Sniffing the traffic between BambuStudio and the Bambu printer with Wireshark shows the login and password, which is as expected but indeed not a good idea. Some may argue that it should be secure-ish on a closed LAN, but then, the printer doesn’t have an ethernet port and wifi isn’t secure with PSK. If you have the key, it’s all cleartext unless it’s encrypted at higher levels. Insecure protocols like FTP, telnet and the like are old and obsolete and should not be used in 2022.

And lastly, to the really bad stuff

The printer is more or less tied to using a cloud service. This is luckily local to the region you’re in, so since I’m in Norway, my printer speaks to a server in Frankfurt am Main, Germany. This is all nice until you look at the traffic, again with Wireshark. BambuStudio opens a connection to the server over HTTP, meaning it’s all cleartext. The only authentication is OSSAccessKeyId=xxx in the URL, again, all in cleartext. This is completely insane, since anyone between the client (BambuStudio) and the server (somewhere in the cloud) can read this and the data sent, including opening up new HTTP sessions to the same server. HTTPS wouldn’t have cost Bambu anything, except perhaps if they want a better certificate than those from Letsencrypt, but still, that’s not a lot.
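As an added example (not code from the post or from Bambu), this is the kind of audit check I would run over my own capture to confirm the two cleartext findings above: FTP USER/PASS on port 21, and the OSSAccessKeyId credential carried in an HTTP URL over port 80. The sample flows, hostnames and values are constructed placeholders, and findings never include the credential values themselves.

```python
"""Audit captured request lines for the cleartext problems described above:
FTP USER/PASS on port 21 and a credential in an HTTP query string over plain HTTP.
Sample flows below are constructed, not a real capture."""
import re
from urllib.parse import urlsplit, parse_qs

# Query-string keys that carry a credential; OSSAccessKeyId is the one seen in the post.
CREDENTIAL_KEYS = {"ossaccesskeyid", "signature", "token", "password"}
HTTP_REQUEST = re.compile(r"^(GET|POST|PUT|HEAD|DELETE) (\S+) HTTP/1\.[01]")


def audit_flow(dst_port, payload):
    """Return findings for one payload sent to dst_port (credential values are redacted)."""
    findings = []
    first_line = payload.split("\r\n", 1)[0]

    # Plain FTP control channel: USER and PASS travel unencrypted.
    if dst_port == 21:
        verb = first_line.split(" ", 1)[0].upper()
        if verb in ("USER", "PASS"):
            findings.append(f"ftp:{verb.lower()} sent in cleartext on port 21")

    # Plain HTTP request: check whether the URL itself carries a credential.
    match = HTTP_REQUEST.match(first_line)
    if match and dst_port != 443:
        query = parse_qs(urlsplit(match.group(2)).query)
        leaked = sorted(k for k in query if k.lower() in CREDENTIAL_KEYS)
        if leaked:
            findings.append("http:credential in URL query over plain HTTP: " + ",".join(leaked))
        else:
            findings.append("http:request over plain HTTP")
    return findings


def audit_flows(flows):
    """Aggregate findings over (dst_port, payload) pairs; returns {finding: count}."""
    counts = {}
    for dst_port, payload in flows:
        for finding in audit_flow(dst_port, payload):
            counts[finding] = counts.get(finding, 0) + 1
    return counts


# Constructed sample traffic modelled on the post (placeholder values, not real ones).
SAMPLE_FLOWS = [
    (21, "USER PLACEHOLDER-USER\r\n"),
    (21, "PASS PLACEHOLDER-ACCESS-CODE\r\n"),
    (21, "RETR timelapse.mp4\r\n"),
    (80, "GET /upload/job.3mf?OSSAccessKeyId=PLACEHOLDER&Expires=1700000000 HTTP/1.1\r\n"
         "Host: cloud.example\r\n"),
    (80, "GET /status HTTP/1.1\r\nHost: cloud.example\r\n"),
]

if __name__ == "__main__":
    for finding, count in sorted(audit_flows(SAMPLE_FLOWS).items()):
        print(f"{count}x {finding}")
```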


It’s a good printer, by all means, but the total lack of encryption and the use of archaic protocols like FTP is alarming. I have seen a lot of bad equipment with similar issues during my >25 years in IT, but it has mostly been limited to PDUs and similar that can easily be isolated on their own network so that no one can sniff or alter the traffic. This cannot be done with the Bambu system, since it speaks to a cloud service and depends on it. The temporary solution to this is to disconnect from the cloud completely by using LAN mode on the printer. That way, you will have to set up the printer in BambuStudio again and you’ll lose all support for the Bambu Handy mobile app. You will also lose video support, which is possibly worse. The printer will still transmit data in cleartext, but only readable by those on the same network. Also, the printer will only be available on the local network to which it is connected, since it relies on mDNS, which is blocked in most routers. I have not found a way to manually add a printer to BambuStudio by its IP address.

Update 2022-11-24

Bambu Lab replied to the bug report I sent them, along with the link to this blog post, and they wrote:

We appreciate all the feedback shared, and we want to assure you that our team is already working on improving the security of the printer network connection. At the moment I can’t give you an exact date for when the changes will come, but we are working on it.
At the same time, we will be sharing more information about this in a dedicated post. I will update the ticket when that happens.

Update 2022-11-25

Bambu replied quickly, and I have linked to their post and my comments on this blog post.

  1. Jianjia
    November 25th, 2022 at 13:52

    Hi Roy,
    This is Jianjia from Bambu lab. Thank you for pointing out your concerns.
    We have made actions and response to your blog here
    I do hope you can continue to help us improve the printer together, thanks 🙂

  2. ArturD
    January 6th, 2023 at 22:03

    Port 3000 is the default port for the Ruby on Rails development server… 😉
