Ridiculous lack of security and privacy

FWIW, I was well aware of the cloud routing of the jobs before I purchased. I honestly can’t remember if I knew the camera was required to go through the cloud or not. Like @MortalWombat said above, this isn’t a problem for me so didn’t make me not buy the printer (obviously), but I agree with his assessment that it not being a problem for me doesn’t mean I can’t recognize that it’s a problem for others, nor that it might not be a problem for me in the future.

1 Like

Hi everyone,

We heard all the network security concerns, and we published a dedicated blog post to share our feedback about them.

7 Likes

Not being an expert in this area of IT at all, I appreciate two things:

  1. People like Roy, who obviously has far more experience than I, who take the time to bring this information to light for the whole community.

  2. Bambu Labs for answering the response, taking immediate action where possible, AND plainly admitting when and where they screwed up. It’s refreshing to hear honest admissions of error and efforts taken to correct the problems rather than corporate double speak to hide/deflect blame.

5 Likes

I’ve been digging around this forum as well as Reddit on this security topic. Admittedly, all of this IT talk is way over my head. Could someone please explain to me (like I’m a 5 year old) what specific risks these security shortcomings could allow? As a home user of this printer what is the worst that could happen?

  • Can someone use my networked printer as a wormhole into personal or bank account info?
  • I imagine they could see my part files or even access the camera. Honestly, that really doesn’t bother me all that much. But, if they bypass safety features and somehow are able to set my house on fire… I would be pretty upset.

Thanks for translating!

5 year old P? Ok, here goes: "go play with your other toys, this subject has been covered and handled by big daddy". I.e., as far as I am concerned, BL has handled it and closed the open spots. And like you said, normal people don’t have an issue.

How did they manage to block access to my models on their cloud by the Chinese government (and the governments of whichever countries their cloud is hosted in for that matter)?

Nothing I complained about when starting this thread has changed.

2 Likes

Another completely unrelated but very important concern is that any product that depends upon a vendor’s cloud is also dependent upon that company being in business. If Bambu’s team all find something more interesting to work on, this product could become a $1400 brick.

Most likely what they’re doing with video is to track what port the video stream is on, so that any [authorized] client who wants to stream the video can get it directly from your router.

I just got my printer last night, so I haven’t tried using it from outside my home yet.

While I don’t work on any military-level private objects, I still want what I print to be known to me, and me alone. I would greatly prefer a way to have my printer not require an outside network address for anything. I’m coming from a Prusa MK3S, where I could update firmware and print my items without any need for the internet. I think Bambu really ought to consider providing similar functionality. It saves them [cloud spend] money, and lets privacy-minded users get what they want.

3 Likes

Yes, then let it be… use LAN mode, don’t use the cloud, if you feel so unsecure.
Yes, it is really better to share your “top secret” print models on Facebook, Google, Printables or Thingiverse… yes, this is more secure than a “Chinese cloud” … :roll_eyes:

Yes, use LAN mode. No Internet required…

I see this all the time. People who gave up privacy and security for a little convenience always moan at those that won’t because it makes them feel better about what they did when everyone else has done the same.

I don’t use the cloud and I don’t post proprietary design information on Facebook (not being a moron I never even had a Facebook account) or anywhere else. I can’t use the camera I paid for and I am forced to temporarily connect to their cloud and use the stupid Handy app to update printer firmware.

1 Like

Regarding security of intellectual property:

Will it be possible to update the printer’s firmware in the future via micro-SD?
I’m looking for a way to meet my clients’ intellectual property demand concerns while still being able to update firmware in LAN-only mode.

Sorry for opening a new topic. I just found out about this thread.

2 Likes

So are you indicating that they have access to our entire network or just what is happening with the printer?

I guess you could take it off-line (block it in the router) after an update. The time-lapse video would still record on the uSD card? Of course it would not be as easy to get at the video as it is right now with the iPhone app.

What is the major security concern?? Some more details please, Thank you.

So if the internet is down, but not my local network, I can not send a print job to the printer?

If you have LAN mode running, you do not need the Internet. There will be cases where you might need to re-add the printer, such as after a power outage. You always have the option to use the memory card. There really isn’t a way for Bambu Labs to provide their printer users with security. This should not be a surprise.

This is not a good place to cover the issues of personal privacy. In short, the only way to protect your personal data is to not have it connected to your printer, or connected to - (the list is too large to list here). It is best to use end-to-end hardware isolation for the printer. This is why, to make folks happy, Bambu Lab will need to provide a wired connection; I’m sure the competition will. Sadly this is an easy problem to resolve, but as you can see, it has laid there for six months.

1 Like

With the amount of time and care put into Bambu printer hardware (which is significant and I’m very impressed with the product), I am very disappointed in the short-sightedness of Bambu software and licensing.

Regardless of whether this is considered a professional or consumer printer by Bambu labs itself, the user should have the right to opt out of cloud storage and 3rd party share of CAD files and timelapse video. The privacy concerns are serious, as unknown parties could have access to designs that may be NDA. Let’s not be naive here, the quality and price point of the Bambu is definitely going to make it attractive to professional prop companies. Those tasks come with NDA and creator designs that need to be confidential.

All versions of Bambu need to offer offline firmware update, opt-out for storage of creator files and video, regardless of intended use. If owners CHOOSE to allow their designs to be used for Bambu product improvement and tuning, more power to them. It is easy to say, buy the X1E at near double the price, for limited feature upgrades to get LAN function. Corporations/Organizations with vast funds can do that, small prop shops upgrading a print farm cannot. Volume sales and adoption of the Bambu brand is going to come from smaller entities.

2 Likes

Update - I did review the blog post
##Bambu lab blog >> answering-network-security-concerns/

And I see fixes have been implemented or are on the way, which is promising.
But I still have remaining security concerns and will fully test LAN mode limitations.

I do not like that there is a warning that I cannot have both a personal and professional email associated with a single IP (I have both work and personal printers).

All internet protocol and ftp protocol connections should support https and sftp, if used.
Opt-out of all cloud storage should be an option with no exceptions.
Customer privacy should remain at customer discretion. It seems Bambu is taking steps to correct and I understand the expertise began with Robotics expertise, with little Network Security expertise. I hope they hire the talent to fix this quickly and understand the needs.

1 Like

The camera is VERY handy to monitor the job while it is running. I enjoy seeing that some tall item has fallen over and I’m making spaghetti that is not going to taste good. I’m not concerned about the waste of filament but I am very concerned about the lost time making trash.