'Stupid mistake' caused 3D printers to take on a life of their own
3D printer monitoring company apologizes for serious error
The Spaghetti Detective (TSD), a company that monitors 3D printers remotely to catch potential errors, has issued an apology after a configuration mistake allowed prints to be sent to the wrong devices.
The error, described by founder Kenneth Jiang as ‘a stupid mistake’, let roughly 70 customers access and control each other’s 3D printers. In at least one instance, a user triggered a print on another person’s device.
In a blog post, an apologetic Jiang explained the security incident had come about as a result of attempted optimizations, which were supposed to improve the speed and efficiency of the company’s service.
- Check out our list of the best home printers right now
- Here's our list of the best inkjet printers available
- We've built a list of the best laser printers on the market
3D printers go rogue
The problem was made possible by a feature called auto-discovery, which gives customers an easy way to synchronize their printers with their TSD accounts. As Jiang explains, the feature makes use of the fact that devices share the same public IP address when on the same local network.
“When I went through the load-balancer reconfiguration, I made a mistake by missing a configuration to let the load balancer pass the public IP address of the connecting client to the backend TSD server. Instead, the load-balancer would just pass its own IP address to the server,” he wrote.
“As a result, the server got the same IP address of the users who happened to be connecting their printer to TSD at the same time. The server thought they were on the same local network, and hence allowed them to link each other’s printers!”
Jiang says the security hole was live for about eight hours, but has since been closed off. All 73 affected users have also been notified.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Although the likelihood that all 73 were attempting to link their 3D printers at the same time is low, The Spaghetti Detective also took additional precautionary steps, including turning off auto-discovery and disabling remote access for affected customers.
“I don’t want to sugar-coat this. This is a serious security vulnerability,” said Jiang. “My sincere apologies to our community for this horrible mistake.”
- Here's our list of the best small business printers
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.