I've finally got my 3d printer setup and upgraded just how I want!
I'm sure you can do more, it's endless but now I'm focusing on my CEH course and I've been thinking..
These LPC1768 boards based boards (SKR / MKS GEN-L etc), are capable of running a lot more than Marlin. I've already had some experience with malicious gcodes, I'm sure the author didn't intend for this to happen but I ran it and the nozzle drove straight into the bed!
This week I was a little bored so started poking around the Marlin code as I wanted to get the piezo buzzer to do more than beep, Then I discovered M300, I searched on Google and you can get it to play Mozart!
I have trawled through so many YouTube videos on 3d printing as I am quite new to it, but I see so many 'hacks' like printers left running unattended and wires hanging out etc, but its on WiFi with a cam so they think it's ok as they can stop it remotely. The Anet A8 is a fire hazard anyway and with such a small amount of flash, I've seen guides detailing how to save space by disable safety features!
But having this hooked up to the internet via an 8266 / Pi etc opens doors for the hacker. For the hacker, the opportunities to wreak havoc are endless, here are the first few things I can think of:
- Malicious g-codes to ruin what you are printing for a start.
- Take your build of Marlin (your source-code wont be hard to find I'm sure on the network), tweak it with customization's to suit the hacker. If the board supports firmware update from onboard sd-card that is accessible then all this is easy
- Instead of just replacing your firmware with a subtle tweaked version, how about just flashing something custom that causes destruction using the heaters, steppers and whatever else may be attached.
- Brick your board, install a rootkit within the boot loader, you would have no idea that your printer has a persisted backdoor that a standard firmware flash does not remove.
- 3d printing is all about being creative, there is a lot a bad stuff that you could do as a malicious hacker.
- Imagine randomly having first layer extrusion issues that absolutely don't go away, or your print fails randomly sometimes.It's all possible!
I have already seen news highlighting potential issues with the big commercial setups. A rig printing aircraft parts that has been tampered with could be catastrophic.
I have not seen anything malicious yet but I may put together a proof of concept if I get the time. These 3d printers are not IoT light switches, they are potentially quite dangerous.