Bambu Lab Authorization Control System: Difference between revisions

Andrew V (talk | contribs)
Andrew V (talk | contribs)
Line 21: Line 21:
This announcement, after the edit in question, clearly states in the header - '''''Updated: January 17, 2025''' - to include additional details and FAQs where the '''What happens if I never upgrade to this firmware?''' among others was added.''
This announcement, after the edit in question, clearly states in the header - '''''Updated: January 17, 2025''' - to include additional details and FAQs where the '''What happens if I never upgrade to this firmware?''' among others was added.''


As per webpage oldest snapshot from '''archive.is'''<ref name="firmware-update-introducing-new-authorization-control-system-22">{{Cite web |last=@BambuKidd |date=16 Jan 2025 |title=Firmware Update Introducing New Authorization Control System |url=https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ |url-status=live |archive-url=https://archive.is/ejq3R |archive-date=16 Jan 2025 |access-date=1 May 2025 |website=Bambu Lab Blog}}</ref> dated 16 Jan 2025 17:31 UTC there are two references if choosing to stay on the old firmware:<blockquote>
As per webpage oldest snapshot from '''archive.is'''<ref name="firmware-update-introducing-new-authorization-control-system-22">{{Cite web |last=@BambuKidd |date=16 Jan 2025 |title=Firmware Update Introducing New Authorization Control System |url=https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ |url-status=live |archive-url=https://archive.is/ejq3R |archive-date=16 Jan 2025 |access-date=1 May 2025 |website=[[Bambu Lab]] Blog}}</ref> dated 16 Jan 2025 17:31 UTC there are two references if choosing to stay on the old firmware:<blockquote>


====<sup> Important Information for End Users </sup>====
====<sup> Important Information for End Users </sup>====
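Review bot: in the revised citation line, `website=[[Bambu Lab]] Blog` links only the first two words of the site name, so the rendered reference shows a half-linked title. Either use a piped link that covers the whole name, such as `[[Bambu Lab|Bambu Lab Blog]]`, or leave the parameter as plain text. The sentence carrying the reference is not touched by this edit and still reads "As per webpage oldest snapshot from archive.is"; rewording it to "According to the oldest archive.is snapshot of the page" in the same revision would make the sourcing of the 16 Jan 2025 17:31 UTC claim easier to follow.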
Line 53: Line 53:
Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks." There are, however, several ways to mitigate these risks without the loss of user control that their system causes:
Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks." There are, however, several ways to mitigate these risks without the loss of user control that their system causes:


*'''The "remote hacks" that were cited as an example in the article seem to be a direct result of the 3D-printer vendor not responding properly to a reported security vulnerability in their product.<ref>{{Cite web |last=Cluley |first=Graham |date=1 Mar 2024 |title=Someone is hacking 3D printers to warn owners of a security flaw |url=https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |url-status=live |access-date=1 May 2025 |website=Bitdefender |archive-url=https://web.archive.org/web/20260216002646/https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |archive-date=16 Feb 2026}}</ref> Therefore, in order to get attention, the researcher decided to infect machines and display a harmless message to spread publicity.''' Properly responding to security vulnerabilities, working to patch them quickly, and working with the security community (who would be more than happy to help secure products) would be some ways to prevent this.
*'''The "remote hacks" that were cited as an example in the article seem to be a direct result of the 3D-printer vendor not responding properly to a reported security vulnerability in their product.<ref>{{Cite web |last=Cluley |first=Graham |date=1 Mar 2024 |title=Someone is hacking 3D printers to warn owners of a security flaw |url=https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002646/https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |archive-date=16 Feb 2026 |access-date=1 May 2025 |website=[[Bitdefender]]}}</ref> Therefore, in order to get attention, the researcher decided to infect machines and display a harmless message to spread publicity.''' Properly responding to security vulnerabilities, working to patch them quickly, and working with the security community (who would be more than happy to help secure products) would be some ways to prevent this.
*In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=5 Sep 2018 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |access-date=1 May 2025 |website=CSO |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=16 Feb 2026}}</ref> Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so that users are not tempted to allow unauthenticated access over the network.
*In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=5 Sep 2018 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=16 Feb 2026 |access-date=1 May 2025 |website=[[CSO]]}}</ref> Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so that users are not tempted to allow unauthenticated access over the network.
*The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |access-date=1 May 2025 |website=Bambu Lab Wiki |archive-url=https://web.archive.org/web/20260216003052/https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |archive-date=16 Feb 2026}}</ref>
*The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |archive-url= |archive-date= |access-date=1 May 2025 |website=[[Bambu Lab]] Wiki}}</ref>
*"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=25 Nov 2022 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |access-date=1 May 2025 |website=Bambu Lab Blog |archive-url=https://web.archive.org/web/20260216001754/https://blog.bambulab.com/answering-network-security-concerns/ |archive-date=16 Feb 2026}}</ref> Another mitigation is to add stronger authentication mechanisms, rather than using a weak pre-shared LAN access code as is currently the case.
*"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=25 Nov 2022 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |access-date=1 May 2025 |website=Bambu Lab Blog |archive-url=https://web.archive.org/web/20260216001754/https://blog.bambulab.com/answering-network-security-concerns/ |archive-date=16 Feb 2026}}</ref> Another mitigation is to add stronger authentication mechanisms, rather than using a weak pre-shared LAN access code as is currently the case.


==Issues with LAN mode requiring authorization==
==Issues with LAN mode requiring authorization==
[[File:Bambu Connect App - Lan Device Discovery without Bambu Login.png|thumb|Bambu Connect App - Lan Device Discovery without Bambu Login]]
[[File:Bambu Connect App - Lan Device Discovery without Bambu Login.png|thumb|Bambu Connect App - Lan Device Discovery without Bambu Login]]
Bambu Lab printers have the ability to be controlled over both cloud and LAN. This allowed users to integrate their printers into private networks and maintain full control without having to rely on the manufacturer's server while also allowing cloud access. The new authorization system mandates that even LAN-based operations must go through an authentication process using Bambu Connect to retain full control.<ref name="bambu-connect">{{Cite web |title=Bambu Connect (beta) |url=https://wiki.bambulab.com/en/software/bambu-connect |url-status=live |access-date=1 May 2025 |website=Bambu Lab Wiki |archive-url=https://web.archive.org/web/20260216001924/https://wiki.bambulab.com/en/software/bambu-connect |archive-date=16 Feb 2026}}</ref> Full local access is still possible and unchanged for those not using the cloud.
Bambu Lab printers have the ability to be controlled over both cloud and LAN. This allowed users to integrate their printers into private networks and maintain full control without having to rely on the manufacturer's server while also allowing cloud access. The new authorization system mandates that even LAN-based operations must go through an authentication process using Bambu Connect to retain full control.<ref name="bambu-connect">{{Cite web |title=Bambu Connect (beta) |url=https://wiki.bambulab.com/en/software/bambu-connect |url-status=live |archive-url=https://ghostarchive.org/archive/CVCtK |archive-date=2026-03-30 |access-date=1 May 2025 |website=Bambu Lab Wiki}}</ref> Full local access is still possible and unchanged for those not using the cloud.


This change has drawn criticism for many reasons:
This change has drawn criticism for many reasons:
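Review bot: the revised "Summary of Security Incident Responses and Abnormal Cloud Traffic" citation now has empty `archive-url= |archive-date=` where the previous revision carried a web.archive.org snapshot dated 16 Feb 2026, so this reference loses its archived copy while every other citation in the hunk keeps one. Restore the snapshot or supply its replacement. In the Bambu Connect citation the new `archive-date=2026-03-30` uses a different date format from the `16 Feb 2026` style in the rest of the hunk and should match it. The "Answering network security concerns" citation is left with plain `website=Bambu Lab Blog` while the Bitdefender, CSO and Bambu Lab Wiki citations gain wikilinks; apply the same treatment there for consistency.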