Security Issue of Anycubic Cloud

Firmware Update - March 15, 2024

1. This firmware upgrade includes two significant security enhancements:

  • Rectification of an issue that could potentially result in unexpected deletion of firmware files.
  • Elimination of unnecessary instructions to bolster overall system security.

Please refer to the following links for firmware updates tailored to your specific model:

2. Firmware Upgrade 3.1.2 Notes:

In the course of addressing security vulnerabilities, we received proactive engagement from reverse engineers who provided invaluable technical support, expediting the resolution process. This collaborative effort led to:

  • Identification and mitigation of the vulnerability allowing potential illegal access to the MQTT server for the transmission of abnormal commands.
  • Identification and resolution of hazardous commands embedded within the firmware.

This incident underscores the importance of fortifying our focus on device security. We are committed to maintaining open communication channels and continually enhancing product quality in response.

Firmware Update - March 5, 2024

As planned, we have updated the firmware for the Kobra 2 series to address the security issue with Anycubic Cloud that occurred earlier.

The 3.1.0 Firmware Updates

Key Changes:

  1. Enhanced security verification for file downloads.
  2. Strengthened security measures for server connections.

For a secure firmware upgrade experience, this update will be conducted through OTA upgrades. Please find the firmware updates for your specific model:

Upgrade Instructions:

  • For firmware versions below 3.0.3, users will first receive an upgrade prompt for version 3.0.3. After upgrading to version 3.0.3, another prompt for the 3.1.0 firmware upgrade will follow. Once the 3.1.0 upgrade is completed, normal usage can resume.
  • For firmware versions equal to or higher than 3.0.3, users will directly receive the upgrade prompt for version 3.1.0. Click on the firmware upgrade option, and once the upgrade is completed, normal usage can resume.

----------------------------------------------------------------------

Dear Anycubic Users,

First of all, we sincerely apologize for the cloud security issue that happened to our customers. This is our responsibility and we are truly sorry for the late response.

What Happened?

On February 26th (UTC-5), we received an email from a user alerting us to vulnerabilities in Anycubic's MQTT server.

On February 27th (UTC-5), multiple users reported the presence of "hacked_machine_readme.gcode" on the screen of their Anycubic Kobra 2 Pro/Plus/Max.

As of the time of this statement, a total of 237 devices have been affected. Preliminary findings suggest that over 2,000 devices have received this file.

Upon investigating the logs customers sent to us, we found that these printers received remote commands to download a "message.txt" document from another cloud server (not an Anycubic server) and rename "message.txt" to "hacked_machine_readme.gcode".

We confirm that this incident was caused by a third party exploiting a security vulnerability in the MQTT server to access users' printers.

How Do We Plan To Solve This?

We have undertaken the following measures:

  • Strengthened the security verification steps of the cloud server
  • Strengthened authorization/permission management in the cloud server
  • Currently improving the security verification of firmware (new firmware will be available on March 5th.)

Further steps:

  • Implementing network segmentation measures to restrict external access to services
  • Conducting regular audits and updates for systems, software, and the MQTT server

Recommended Actions for Users

If you find the "hacked_machine_readme.gcode" file on the screen, please note that this file is harmless and can be manually deleted through the printer's screen.

If you find the "hacked_machine_readme.gcode" file on the USB drive, please delete the file using your PC.

If the "hacked_machine_readme.gcode" file is not found on the printer, you are good to use the printer, and the cloud service can also be used normally.

For those who feel uncomfortable with the cloud service, you can easily disable the WiFi via the printer's screen. ("how to disable the WiFi" shown below)

We understand the widespread concern about this issue. We are responsible for this issue and assure users that addressing it is our utmost priority. The Anycubic team is ready to assist in resolving the matter. If you have encountered the issue described above, you can contact us directly by sending an email to service@anycubic3d.com. Our team will respond as soon as possible.

We Are Open For Suggestions

We deeply apologize for the inconvenience caused to our users. We welcome any suggestions, and if you have any input regarding vulnerabilities or other concerns, please feel free to send it to feedback@anycubic.com. Your suggestions are highly valuable to Anycubic's continuous improvement.

Since cloud services are widely used nowadays, we are actively seeking professional cloud security solutions to enhance the security of Anycubic's cloud platform.

More information will be shared on our official website.

Best regards,

Anycubic Team

