‘Stupid mistake’ caused 3D printers to take on a life of their own

3D printer monitoring company apologizes for serious error

The Spaghetti Detective (TSD), a company that monitors 3D printers remotely to catch potential errors, has issued an apology after a configuration mistake allowed prints to be sent to the wrong devices.

The error, described by founder Kenneth Jiang as ‘a stupid mistake’, let roughly 70 customers access and control each other’s 3D printers. In at least one instance, a user triggered a print on another person’s device.

In a blog post, an apologetic Jiang explained the security incident had come about as a result of attempted optimizations, which were supposed to improve the speed and efficiency of the company’s service.

3D printers go rogue

The problem was made possible by a feature called auto-discovery, which gives customers an easy way to synchronize their printers with their TSD accounts. As Jiang explains, the feature makes use of the fact that devices share the same public IP address when on the same local network.

“When I went through the load-balancer reconfiguration, I made a mistake by missing a configuration to let the load balancer pass the public IP address of the connecting client to the backend TSD server. Instead, the load-balancer would just pass its own IP address to the server,” he wrote.

“As a result, the server got the same IP address of the users who happened to be connecting their printer to TSD at the same time. The server thought they were on the same local network, and hence allowed them to link each other’s printers!”

Jiang says the security hole was live for about eight hours, but has since been closed off. All 73 affected users have also been notified.
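The failure mode described above can be closed off on the server side by refusing to auto-link whenever the real client address cannot be established. The sketch below is an added example, not TSD's code: the `X-Forwarded-For`-style header value, the proxy range `10.0.0.0/24`, the function names and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

# Assumption: the load balancers' own addresses (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, forwarded_for):
    """Return the connecting client's address, or None if it cannot be established."""
    peer_addr = ipaddress.ip_address(peer)
    if not is_trusted_proxy(peer_addr):
        # Direct connection: trust the socket peer, ignore any client-supplied header.
        return peer_addr
    # Request came through our proxy: walk the header right to left and
    # take the first hop that is not one of our own proxies.
    hops = [h.strip() for h in (forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header
        if not is_trusted_proxy(addr):
            return addr
    return None  # header missing: only the proxy's own address is known


def discovery_group(peer, forwarded_for=None):
    """Key for grouping devices 'on the same network'; None means do not auto-link."""
    addr = client_ip(peer, forwarded_for)
    return None if addr is None else str(addr)


if __name__ == "__main__":
    # Constructed requests: two unrelated users arriving via the same load balancer.
    lb = "10.0.0.5"
    print(discovery_group(lb), discovery_group(lb))  # header not passed: both None
    print(discovery_group(lb, "203.0.113.7"), discovery_group(lb, "198.51.100.9"))
```

A server that grouped on the raw socket peer would place both users in the group `10.0.0.5`; here a missing header yields no group at all, so a proxy misconfiguration disables auto-discovery instead of merging customers.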

Although the likelihood that all 73 were attempting to link their 3D printers at the same time is low, The Spaghetti Detective also took additional precautionary steps, including turning off auto-discovery and disabling remote access for affected customers.

“I don’t want to sugar-coat this. This is a serious security vulnerability,” said Jiang. “My sincere apologies to our community for this horrible mistake.”

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
