Hackers can potentially bypass 3D printer firmware security features using specially crafted updates and trigger a fire
3D printers have become a necessity in many ways. 3D printing lets users turn a computer-aided design (CAD) model into a three-dimensional physical object, built up layer by layer. However, a security researcher has found that a 3D printer’s firmware is vulnerable to a security bypass that could be used to trigger a fire and even cause an explosion.
Every 3D printer’s firmware, like that of any other Internet of Things device, has a temperature control element. This thermostat-like feature resides in the firmware and sets the maximum temperature that the device can endure. Security researcher Dan McInerney of Coalfire demonstrated a way to bypass the protections set by a 3D printer’s firmware and raise the temperature far beyond the preset maximum, enough to cause a fire or explosion.
McInerney used the Flashforge Finder, a WiFi-enabled plug-n-play 3D printer from the Chinese company Flashforge, to demonstrate his research. McInerney explains why he chose to investigate vulnerabilities in 3D printers in an earlier post, “3D printers are becoming more common with no signs of slowing growth. As their price drops and their usability increases, they will soon become household staples, akin to ubiquitous paper printers. With this evolution, the need for security dramatically increases.”
McInerney found that he could easily tamper with the Flashforge 3D printer firmware by using specially crafted updates to raise the temperature in the device and potentially cause a fire. The Flashforge 3D printer firmware sets its maximum temperature at 240°C. McInerney figured that by removing this maximum temperature setting from the firmware, he could cause the printer to heat beyond its capacity and cause a fire or an explosion.
To tamper with the firmware, McInerney first gained root access to the Flashforge 3D printer’s firmware via WiFi. Once he had root access, he used the NSA’s Ghidra tool to reverse engineer the firmware and add a specially crafted patch with increased maximum temperature settings. He found that the Flashforge 3D printer has some sort of circuit breaker that did not allow him to raise the printer temperature beyond 260°C.
After a couple of tries, he overcame this hurdle too. He made a slight change in the specially crafted update to raise the maximum temperature to 455°C. At 455°C, any object can burst into flames.
“Flashforge Finder 3D printers ship with port 8899 open without authentication, which is supposedly quite common for these devices. The port accepts G-code commands to perform actions such as raising the temperature, extruding plastic, and moving the tip of the heated extruder,” McInerney explains in part three of his demonstration.
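A gateway placed in front of an unauthenticated G-code port like the one described above can refuse temperature commands that exceed the 240°C limit before they reach the printer. The filter below is an added example, not code from McInerney or Flashforge; it assumes the standard M104/M109 set-temperature G-codes and an optional `~` line prefix, the sample job is constructed, and it does nothing about a tampered firmware image.

```python
import re

MAX_HOTEND_C = 240.0     # firmware maximum quoted in the article
TEMP_CODES = {104, 109}  # M104/M109: standard set-hotend-temperature G-codes (assumed to apply here)

_WORD = re.compile(r"([A-Z])(\d+(?:\.\d+)?)")
# A temperature line may contain only M/N/S/T words with plain decimal values.
_STRICT = re.compile(r"(?:[MNST]\d+(?:\.\d+)?)+")


def check_gcode(line, max_c=MAX_HOTEND_C):
    """Return (allowed, reason) for one G-code line headed to the printer."""
    # Drop ';' comments and whitespace, strip the optional '~' prefix (assumption),
    # and upper-case so 'm109s300' is judged the same as 'M109 S300'.
    code = re.sub(r"\s+", "", line.split(";", 1)[0]).lstrip("~").upper()
    words = _WORD.findall(code)
    # Treat the line as a temperature command if M104/M109 appears anywhere in it.
    if not any(l == "M" and float(v) in TEMP_CODES for l, v in words):
        return True, "not a temperature command"
    # Fail closed on anything a firmware parser might read differently (e.g. 'S2e3').
    if not _STRICT.fullmatch(code):
        return False, "malformed temperature command"
    targets = [float(v) for l, v in words if l == "S"]
    if not targets:
        return False, "temperature command without S target"
    if max(targets) > max_c:
        return False, f"target {max(targets):g} C exceeds {max_c:g} C"
    return True, "within limit"


def filter_job(lines, max_c=MAX_HOTEND_C):
    """Split a job into lines safe to forward and (line, reason) rejections."""
    forward, rejected = [], []
    for line in lines:
        allowed, reason = check_gcode(line, max_c)
        if allowed:
            forward.append(line)
        else:
            rejected.append((line, reason))
    return forward, rejected


# Constructed sample job, not captured from a real printer.
SAMPLE = ["G28 ; home", "M104 S220 T0", "~M104 S455 T0",
          "m109s300", "M104 S2e3", "G1 X10 Y10 F1500"]

if __name__ == "__main__":
    forward, rejected = filter_job(SAMPLE)
    for line, reason in rejected:
        print(f"BLOCKED {line!r}: {reason}")
```

Rejected lines are worth logging and alerting on, since a request above the limit on this port is not something a normal slicer job produces.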