According to a recent Bambu Lab blog post, its X1-series FDM printers will soon require mandatory authentication for certain operations, starting with the firmware update on January 23rd. These operations include performing firmware upgrades, initiating a print job (LAN or cloud), remote video access and adjusting parameters on the printer. Using the printer directly and starting prints from an SD card are not affected.
As reasoning for this new feature, Bambu Lab points to recent exploits that gave strangers access to people’s printers, though cheekily linking to an article on an Anycubic printer exploit. While admittedly a concern, this mostly affects internet-exposed printers, such as those that are tied into a ‘cloud’ account. Even so, LAN-based printing also falls under this new mandatory authentication system, with Bambu Lab offering a new tool called Bambu Connect for those who insist on using non-Bambu Lab branded software like OrcaSlicer. This allows for exported G-code files to be sent to a (properly authenticated) Bambu Lab printer.
For those who do not wish to use this feature, not upgrading the firmware is currently the only recourse. Although this firmware update is only for X1-series printers, Bambu Lab promised that it’ll arrive for their other printers too in due time. While Bambu Lab printer owners consider installing the alternative X1 Plus firmware, the peanut gallery can discuss the potential security issues (or lack thereof) of an open Fluidd or similar UI on their LAN-connected, Klipper-based FDM printers.
Thanks to [mip] for the tip.
After all of the goodwill around X1 Plus, it’s disappointing that they’ve decided to lock network control down. I hear that people have been using third-party software to run their print farms, and it sadly makes sense that they might want to have a finger in that pie and sell their own management solution.
If they really cared about security and not control, they would just add an extra key exchange step to pair a printer with an instance of the network plugin. Or maybe that’s already how it works? I don’t have a Bambu Lab printer.
They don’t care about security or control. They care about money. Security makes people feel safer giving them money. Control lets them do rent-seeking behaviors that get them more money.
Every single action they take is about making as much money as possible. If you want to know why they do anything, it’s solely because they think it will lead to that outcome.
The biggest issue I had with the Bambu wasn’t really printing, but boot time 😂 It takes about 5 minutes before the interface is up and running for me. I love having multiple printers each where I can simply drop the STL to the printer and not have to mess with profiles etc. 🍆💦
I use an X1 now, although I did love having a Prusa 😛 with a camera mount and attached to the print bed so print timelapse was stable. Most of the USB cameras I have tried have the focus too far out to be clear when attached to the bed, even on extensions.
Wait you power off your printers?
I just leave them on and send files when I want them to print.
On first glance, this could be a positive change. For example, my Octoprint service requires authentication to log in (it’s not accessible outside of my LAN, but still). But when you dig into the details in the FAQ, it gets ugly:
Q: What happens if I forget my Bambu account or email? Will my printer stop working?
A: No, the printer is not locked to a specific email or account. If you forget your email credentials, you can easily sign out directly from the printer’s menu and link it to a new account. Alternatively, our customer support team is available to assist you with password recovery if needed.
In other words, the authentication isn’t local or under your control and will need a Bambu account and internet connection to even use “your” printer in the future. That is ridiculous!
Hm, somehow that’s not how I read the A:
It says if you have a problem but physical access to the hardware, you can just sign out and sign back in – at the printer. How is that bad? That’s what I would want in terms of trouble.
In addition, the support team can help recover your account password. So once you have that, AND physical access to the printer, you can sign in again (at the printer) and keep printing.
I have a P1S and am probably going to just update it this week and then fully block it from the web. I tend to not start prints remotely anyways so it’ll be a minor change. OrcaSlicer is better in a lot of ways, and I’d rather keep it over Bambu’s “wonderful” mobile app.
I’m surprised that this wasn’t a thing from the start. When I made the Ultimaker 3 firmware with network connectivity, authentication was an important design part. Now, this didn’t depend on any cloud services, just a shared secret that required you to press confirm at the printer display once to pair things up.
Also, all of this was of course nicely documented and the API was open for anyone on the network to access. (any Ultimaker 3 or newer should have documentation of the API at http://[ip]/api/docs/ if I remember correctly)
It wasn’t just useful to protect your printer, it also prevented unintentionally sending a job to the wrong printer in the office.
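The local pairing model described in the comment above (a shared secret, confirmed once at the printer display, no cloud account) can be sketched as follows. This is an added example, not Ultimaker's or Bambu Lab's code or protocol; the `Printer` class, its method names, the HMAC-SHA256 tagging and the G-code sample are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def sign(key, nonce, gcode):
    # The nonce is fixed at 16 bytes, so nonce + gcode is an unambiguous encoding.
    return hmac.new(key, nonce + gcode, hashlib.sha256).digest()

class Printer:
    """Hypothetical printer that accepts jobs only from locally paired clients."""
    def __init__(self):
        self.pending = {}   # client_id -> key, waiting for a press on the display
        self.paired = {}    # client_id -> key, confirmed by someone at the printer
        self.seen = set()   # (client_id, nonce) pairs already used

    def request_pairing(self):
        # Assumption: this exchange runs over an encrypted channel on the LAN.
        client_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.pending[client_id] = key
        return client_id, key

    def confirm_on_display(self, client_id):
        # Reachable only from the physical UI, never from the network API.
        self.paired[client_id] = self.pending.pop(client_id)

    def submit_job(self, client_id, nonce, gcode, tag):
        key = self.paired.get(client_id)
        if key is None:
            return "rejected: not paired"
        if len(nonce) != 16 or (client_id, nonce) in self.seen:
            return "rejected: replay"
        if not hmac.compare_digest(sign(key, nonce, gcode), tag):
            return "rejected: bad tag"
        self.seen.add((client_id, nonce))
        return "accepted"

def demo():
    printer = Printer()
    cid, key = printer.request_pairing()
    gcode = b"G28\nG1 X10 Y10 F3000\n"          # constructed sample job
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    results = [printer.submit_job(cid, n1, gcode, sign(key, n1, gcode))]
    printer.confirm_on_display(cid)             # user presses "confirm" once
    results.append(printer.submit_job(cid, n1, gcode, sign(key, n1, gcode)))
    results.append(printer.submit_job(cid, n1, gcode, sign(key, n1, gcode)))
    tampered = gcode + b"M104 S300\n"           # job altered after signing
    results.append(printer.submit_job(cid, n2, tampered, sign(key, n2, gcode)))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the key never leaves the LAN and pairing needs a press on the display, any client that implements the same scheme can authenticate without a vendor account.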
Cool, Cool.
So…. What printers are we buying to replace Bamboo?
Prusa?
Basically.
Given their big step up with their latest (the Core 1) they’re back to being on-par technologically while offering a still more open system.
The drawback is the price difference though – the Core 1 by itself costs as much as the X1 with AMS. And the MMU3 might actually work now (the previous two did not – but they sold them anyway:(
Voron?
There’s several Voron-adjacent designs offered by various companies too; I’ve heard good things about ratrig printers
I just built my own custom system, but that’s not something everyone can do
Time to install X1Plus and look at other brands for the next printer…
More proof a DMCA anti-circumvention reform is far overdue.
This is certainly ensh1++1fication. Any hardware which requires regular firmware patches or subscriptions to even run is guaranteed to be bricked in 2 years. It is not worth buying into such an ecosystem.
The article should have been titled: “Bambu locks out 3rd party software under the guise of added authentication”
The problem here isn’t the added authentication, the problem is that they’re doing it in a proprietary inconvenient manner locking out 3rd party software. If they had done it using open auth standards and public documented API calls almost everyone would have applauded.
Bambu’s mostly done that from the start though. You’re not losing a whole lot there. This was never an open ecosystem. I bought one because it was a massive leap ahead of what everyone else was offering at the time.
That would be basically everyone. You have to use the internet – yes, even in LAN mode – to send jobs from a local computer to the machine. It was only their commercial version of the X1 where you could actually stay offline on a non-internet-connected wifi network while controlling from a desktop.
The only non-internet option is to transfer by SD card.