Bambu Lab Authorization Control System: Difference between revisions

Line 4:

== Controversies Regarding Firmware Updates ==

[[File:Bambu tos screenshot.png|alt=bambu terms stating print jobs may not function properly if update is not performed to new firmware which is highly limiting. |thumb|~~bambu~~ terms regarding printer functionality & potential for disrupted print jobs if users do not update to a new firmware that radically restricts the autonomy of the owner of the printer]]

[[File:Bambu tos screenshot.png|alt=bambu terms stating print jobs may not function properly if update is not performed to new firmware which is highly limiting. |thumb|Bambu terms regarding printer functionality & potential for disrupted print jobs if users do not update to a new firmware that radically restricts the autonomy of the owner of the printer]]

=== Potential for Remote Disabling of Printers ===

Line 19:

* Utilizing LAN connections or VPN setups, yet LAN mode requires authorization now.

* Exploring alternative firmware or third-party scripts to restore full functionality<ref>https://old.reddit.com/r/BambuLab/comments/1i45iy2/bambu_lab_reserves_the_right_to_brick_your/m7t8i7r/</ref>.

== Bambu Lab's Justification and Rebuttal ==

Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks." However, there are several ways to mitigate these risks without the loss of user control that their system causes:

* The "remote hacks" that were cited as an example in the article seem to be a direct result of the 3D printer vendor not responding properly to a reported security vulnerability in their product<ref>[https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw]</ref>. Therefore, in order to get attention, the researcher decided to infect machines and display a harmless message to spread publicity. Properly responding to security vulnerabilities, working to patch them quickly, and working with the security community (who would be more than happy to help secure products) would be some ways to prevent this.

* In the article cited about printer exposure, it was done largely due to misconfiguration on the part of users<ref>[https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html]</ref>. Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so users are not tempted to allow unauthenticated access over the network.

* The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter<ref>[https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com https://wiki.bambulab.com/en/security-incidents-cloud-traffic]</ref>.

The system that Bambu has chosen to implement is overly restrictive and unnecessary, and does more harm than good, as detailed in the rest of this article.

== Issues with LAN Mode Requiring Authorization ==

@@ Line 4: / Line 4: @@
 == Controversies Regarding Firmware Updates ==
-[[File:Bambu tos screenshot.png|alt=bambu terms stating print jobs may not function properly if update is not performed to new firmware which is highly limiting. |thumb|bambu terms regarding printer functionality & potential for disrupted print jobs if users do not update to a new firmware that radically restricts the autonomy of the owner of the printer]]
+[[File:Bambu tos screenshot.png|alt=bambu terms stating print jobs may not function properly if update is not performed to new firmware which is highly limiting. |thumb|Bambu terms regarding printer functionality & potential for disrupted print jobs if users do not update to a new firmware that radically restricts the autonomy of the owner of the printer]]
 === Potential for Remote Disabling of Printers ===
@@ Line 19: / Line 19: @@
 * Utilizing LAN connections or VPN setups, yet LAN mode requires authorization now.
 * Exploring alternative firmware or third-party scripts to restore full functionality<ref>https://old.reddit.com/r/BambuLab/comments/1i45iy2/bambu_lab_reserves_the_right_to_brick_your/m7t8i7r/</ref>.
+== Bambu Lab's Justification and Rebuttal ==
+Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks." However, there are several ways to mitigate these risks without the loss of user control that their system causes:
+* The "remote hacks" that were cited as an example in the article seem to be a direct result of the 3D printer vendor not responding properly to a reported security vulnerability in their product<ref>[https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw]</ref>. Therefore, in order to get attention, the researcher decided to infect machines and display a harmless message to spread publicity. Properly responding to security vulnerabilities, working to patch them quickly, and working with the security community (who would be more than happy to help secure products) would be some ways to prevent this.
+* In the article cited about printer exposure, it was done largely due to misconfiguration on the part of users<ref>[https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html]</ref>. Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so users are not tempted to allow unauthenticated access over the network.
+* The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter<ref>[https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com https://wiki.bambulab.com/en/security-incidents-cloud-traffic]</ref>.
+The system that Bambu has chosen to implement is overly restrictive and unnecessary, and does more harm than good, as detailed in the rest of this article.
 == Issues with LAN Mode Requiring Authorization ==