Consumer Rights Wiki

Bambu Lab Authorization Control System: Difference between revisions

← Older editNewer edit →
VisualWikitext
Andrew V (talk | contribs)
confirmed, superconfirmed
674 edits
Andrew V (talk | contribs)
confirmed, superconfirmed
674 edits
Line 56: Line 56:
*In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=5 Sep 2018 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=16 Feb 2026 |access-date=1 May 2025 |website=[[CSO]]}}</ref> Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so that users are not tempted to allow unauthenticated access over the network.
*In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=5 Sep 2018 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=16 Feb 2026 |access-date=1 May 2025 |website=[[CSO]]}}</ref> Printer exposure can be mitigated by offering more convenient ways to securely expose printers to the internet, so that users are not tempted to allow unauthenticated access over the network.
*The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |archive-url= |archive-date= |access-date=1 May 2025 |website=[[Bambu Lab]] Wiki}}</ref>
*The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |archive-url= |archive-date= |access-date=1 May 2025 |website=[[Bambu Lab]] Wiki}}</ref>
*"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=25 Nov 2022 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |access-date=1 May 2025 |website=Bambu Lab Blog |archive-url=https://web.archive.org/web/20260216001754/https://blog.bambulab.com/answering-network-security-concerns/ |archive-date=16 Feb 2026}}</ref> Another mitigation is to add stronger authentication mechanisms, rather than using a weak pre-shared LAN access code as is currently the case.
*"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=25 Nov 2022 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |archive-url=https://web.archive.org/web/20260216001754/https://blog.bambulab.com/answering-network-security-concerns/ |archive-date=16 Feb 2026 |access-date=1 May 2025 |website=[[Bambu Lab]] Blog}}</ref> Another mitigation is to add stronger authentication mechanisms, rather than using a weak pre-shared LAN access code as is currently the case.


==Issues with LAN mode requiring authorization==
==Issues with LAN mode requiring authorization==
Line 66: Line 66:
**Confidentiality required by US Law - This is in conflict with those that have to comply with 18 CFR § 3a.61, 32 CFR § 117.15, 32 CFR § 2001.47, and other restrictions.
**Confidentiality required by US Law - This is in conflict with those that have to comply with 18 CFR § 3a.61, 32 CFR § 117.15, 32 CFR § 2001.47, and other restrictions.
*'''Loss of offline independence while also using cloud''': Before, users could have hybrid offline setups. The requirement for authentication removes this option unless users revert to older firmware versions, which Bambu does not allow people to do once they have updated to the firmware using the new scheme.
*'''Loss of offline independence while also using cloud''': Before, users could have hybrid offline setups. The requirement for authentication removes this option unless users revert to older firmware versions, which Bambu does not allow people to do once they have updated to the firmware using the new scheme.
*'''Increased complexity''': The added authentication layer complicates workflows for users who built custom setups or relied on third-party integrations for LAN control while retaining cloud functionality.<ref name=":4">{{Cite web |last=@edlboston |date=Jan 2023 |title=Yes, I know about the LAN mode. But as has been stated by many people, things like the camera will not work, nor will the Handy app. There is no technical reason that these are bound to the cloud. This is the problem and why I titled this FULL Non-Cloud Network. |url=https://forum.bambulab.com/t/full-non-cloud-based-network-option-needed/3643 |url-status=live |access-date=1 May 2025 |website=Bambu Lab Community Forum |archive-url=https://web.archive.org/web/20260216002035/https://forum.bambulab.com/t/full-non-cloud-based-network-option-needed/3643 |archive-date=16 Feb 2026}}</ref>
*'''Increased complexity''': The added authentication layer complicates workflows for users who built custom setups or relied on third-party integrations for LAN control while retaining cloud functionality.<ref name=":4">{{Cite web |last=@edlboston |date=Jan 2023 |title=Full Non-Cloud Based Network Option Needed |url=https://forum.bambulab.com/t/full-non-cloud-based-network-option-needed/3643 |url-status=live |archive-url=https://ghostarchive.org/archive/1ee4F |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Community Forum |quote=Yes, I know about the LAN mode. But as has been stated by many people, things like the camera will not work, nor will the Handy app. There is no technical reason that these are bound to the cloud. This is the problem and why I titled this FULL Non-Cloud Network.}}</ref>


It is worth noting that:
It is worth noting that:
Line 262: Line 262:
Like 2D printers, Bambu Lab's update restricts functionality previously available to users and pushes them toward proprietary software and cloud-based control.
Like 2D printers, Bambu Lab's update restricts functionality previously available to users and pushes them toward proprietary software and cloud-based control.


A parallel specific to the 3D-printing industry can also be drawn from the now-defunct 3D-printer manufacturer [[MakerBot]], whose shift from open-source, DIY-focused machines in 2012 to closed-source, proprietary machines (similarly to Bambu Labs), ultimately drove customers to less-expensive, open-source competitors.<ref>{{Cite web |last=Benchoff |first=Brian |date=28 Apr 2016 |title=The MakerBot Obituary |url=https://hackaday.com/2016/04/28/the-makerbot-obituary/ |url-status=live |access-date=1 May 2025 |website=hackaday.com |archive-url=http://web.archive.org/web/20251208222057/https://hackaday.com/2016/04/28/the-makerbot-obituary/ |archive-date=8 Dec 2025}}</ref> MakerBot was also accused of asserting ownership over publicly available, open-source designs uploaded to its 3D print repository, Thingiverse.<ref>{{Cite web |last=Biggs |first=John |date=28 May 2014 |title=MakerBot Responds To Critics Who Claim It Is Stealing Community IP |url=https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |url-status=live |access-date=1 May 2025 |website=TechCrunch |archive-url=http://web.archive.org/web/20251111041317/https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |archive-date=11 Nov 2025}}</ref> These factors contributed to MakerBot steadily losing their position and reputation as an industry leader, before getting absorbed by rival Ultimaker in 2022.
A parallel specific to the 3D-printing industry can also be drawn from the now-defunct 3D-printer manufacturer [[MakerBot]], whose shift from open-source, DIY-focused machines in 2012 to closed-source, proprietary machines (similarly to Bambu Labs), ultimately drove customers to less-expensive, open-source competitors.<ref>{{Cite web |last=Benchoff |first=Brian |date=28 Apr 2016 |title=The MakerBot Obituary |url=https://hackaday.com/2016/04/28/the-makerbot-obituary/ |url-status=live |archive-url=http://web.archive.org/web/20251208222057/https://hackaday.com/2016/04/28/the-makerbot-obituary/ |archive-date=8 Dec 2025 |access-date=1 May 2025 |website=[[Hackaday]]}}</ref> MakerBot was also accused of asserting ownership over publicly available, open-source designs uploaded to its 3D print repository, Thingiverse.<ref>{{Cite web |last=Biggs |first=John |date=28 May 2014 |title=MakerBot Responds To Critics Who Claim It Is Stealing Community IP |url=https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |url-status=live |archive-url=http://web.archive.org/web/20251111041317/https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |archive-date=11 Nov 2025 |access-date=1 May 2025 |website=[[TechCrunch]]}}</ref> These factors contributed to MakerBot steadily losing their position and reputation as an industry leader, before getting absorbed by rival Ultimaker in 2022.
==TOS restricting development of third party devices and accessories==
==TOS restricting development of third party devices and accessories==


Retrieved from "https://consumerrights.wiki/w/Bambu_Lab_Authorization_Control_System"