Archive

Posts Tagged ‘Bambu’

Bambu lab communication and security – answer

November 25th, 2022 3 comments

On November 23, I posted this post regarding the lack of security with Bambu WAN mode. Today, they replied and I said their developers mostly had a background in robotics and thus little understanding of internet security, but they’ve started to educate themselves

want to comment on some misunderstandings here

“The printer doesn’t have an ethernet port and wifi isn’t secure with PSK”

It is important to point out that this statement is not entirely accurate as the printer supports Wi-Fi security protocols, including WPA/WPA2-PSK.If the WLAN is protected by WPA/WPA2-PSK, which is generally the default security protection nowadays on wireless routers, the WLAN connection should be relatively safe.

What I wrote in the article, was that anyone with the known PSK, that is, anyone connected to the average access point used, will be on the same network. That the network is encrypted with WPA, still means they all have the same key, so once logged into the network, it’s all cleartext between clients on that network. Still – it’s better than nothing, but the best thing is to encrypt everything.

So, they summerise

The security of the LAN mode depends on the security of the WLAN at the moment. It is vulnerable if the LAN is not properly secured. We will work on an improvement for this by January 2023 and we will share an update when that becomes available.

The HTTP connection to the cloud vulnerabilitty has now been fixed.

This is good! Kudos to Bambu lab for fixing this quickly!

The cleartext keyID is a misunderstanding.

My apologies.

So, the WAN connection is a bit safer, and the LAN connection works, ish. All we now need if we want to use this in LAN mode, is a working camera.

roy

Categories: Diverse Tags: , ,

Bambu lab X1-Carbon – the flipside

November 23rd, 2022 2 comments

First look at the Bambu X1-Carbon with AMS

Intro

The Bambu Lab X1-Carbon with AMS (Automatic Material System) is a very good and very fast 3D printer with all the automatic features you can dream of and a bit more. If you search youtube, you’ll find countless of videos about it and how awesome it is and so on. But as always, there’s the flipside…

Some minor issues first, which can be mostly ignored

– Noise! The printer’s stepper drivers are noisy. That the rest of the printer also makes a lot of noise, is understandable with the speed it’s running, but we’ve had TMC2209 drivers a long time now, which are very silent indeed. Bambu has chosen to use their own drivers, possibly because of price or availability.

– The hotend thermistor is the same glass bead type as used by Creality and a lot more. These work well, but only until they break. When they do, they usually break the thin single filament wires going the last 2cm or so into the glass bead. Since these are aluminium wires, they are practically impossible to fix, so you’ll need to get a new thermistor. This could have been fixed with a barrel-like thermistor. I don’t know what sort of thermistor the bed uses, but it wouldn’t surprise me if it were the same.

– The hotend and nozzle are integrated, so the amount of nozzles available, is greatly reduced. As far as I know, there is no way to use high-flow nozzles like those from 3dsolex and Bondtech CHT (which are licensed from 3dsolex, who holds the patent for these). They are, however, decently priced, unless you compare them to the dollar-a-dozen-packs from China.

Now to a worse one, which I find harder to ignore

I ran an nmap sweep of the printer, I found it listens to ports 21 and 3000. The former is FTP and the latter is unknown (pptp?). FTP made me wonder. I connected with an FTP client and could verify it was a vsFTP server, a popular FTP server on *nix platforms. BambuStudio uses FTP and MQTT (the latter also cleartext) to communicate to the printer if in LAN mode. An attacker can pick up the username and password easily, log in and download videos and other files and also delete these from the printer. She may also (possibly, not tested) inject MQTT, which is used to control everything, which is worse. The FTP protocol is really outdated and has been for 10+ years. FTPS (that is, FTP with SSL/TLS) is an alternative, but impossible to use over NAT. SFTP (SSHs FTP version) is well proven and secure. The same applies to HTTPS. Sniffing the traffic between BambuStudio and the Bambu printer with wireshark, shows its login and password, which is as expected but indeed not a good idea. Some may argue that it should be secure-ish on a closed LAN, but then, the printer doesn’t have an ethernet port and wifi isn’t secure with PSK. If you have the key, it’s all cleartext unless it’s encrypted at higer leverls. Insecure protocols like FTP or telnet and the likes, are old and obsolete and should not be used in 2022.

And lastly, to the really bad stuff

The printer is more or less tied to using a cloud service. This is luckily local to the region you’re in, so since I’m in Norway, my printer speaks to a server in Frankfurt am Main, Germany. This is all nice until you look at the traffic, again with wireshark. BambuStudio opens a connection to the server over HTTP, meaning it’s all cleartext. The only authentication is OSSAccessKeyId=xxx in the URL, again, all in cleartext. This is completely insane, since anyone between the client (BambuStudio) and the server (somewhere in the cloud) can read this and the data sent, including opening up new HTTP sessions to the same server. HTTPS would’t have cost bambu anything, perhaps expcept they want a better certificate than those from Letsencrypt, but still, that’s not a lot.

Summary

It’s a good printer, by all means, but the total lack of encryption and use of archaic protocols like FTP, is alarming. I have seen a lot of bad equipment with similar issues during my >25 years in IT, but it has mostly been limited to PDUs and similar that can be easily isolated on their own network so that noone can sniff or alter the traffic. This cannot be done with the Bambu system, since it speaks to a cloud service and depends on this. The temporary solution to this, is to disconnect from the cloud completely, by using LAN mode on the printer. That way, you will have to setup the printer in BambuStudio again and you’ll lose all support for the Bambu Handy mobile app. You will also lose video support, which is possibly worse. The printer will still transmit data in cleartext, but only readable for those on the same network. Also, the printer will only be available on the local network to which it is connected, since it relies on mDNS, which is blocked in most routers. I have not found a way to manually add a printer to BambuStudio by its IP address.

Update 2022-11-24

Bambu lab replied to the bug report I sent them, along with the link to this blogpost and they wrote:

We appreciate all the feedback shared, and we want to assure you that our team is already working on improving the security of the printer network connection. At the moment I can’t give you an exact date for when the changes will come, but we are working on it.
At the same time, we will be sharing more information about this in a dedicated post. I will update the ticket when that happens. 

Update 2022-11-25

Bambu replied quickly and I have linked to their post and my comments on this blogpost

Categories: Diverse Tags: , ,