Despite the fear mongering surrounding 3D printed guns that has dominated most 3D printing-related discourse in the mainstream media lately, there are certain, much more real and immediate safety concerns within additive manufacturing. As the Internet Storm Center (ISC) recently reported, one of those concerns comes from users of 3D printer monitoring software OctoPrint.
According to the report, over three thousand OctoPrint interfaces are currently publicly facing the internet, meaning they are at risk for IP theft or leaks of 3D printable files, compromised 3D models and even of having their webcams hacked.
Thankfully, it’s not necessary to stop using the open source 3D printing remote access software, only to use it with more precautions. In response to the report, OctoPrint recently published a guide to keeping your private information and 3D printing files safe while using the popular tool.
“Putting OctoPrint onto the public internet is a terrible idea, and I really can’t emphasize that enough. Let’s think about this for a moment, or two, or even three. OctoPrint is connected to a printer, complete with motors and heaters. If some hacker somewhere wanted to do some damage, they could. Most printers can have their firmware flashed over USB. So as soon as the box hosting OctoPrint is compromised, there go any failsafes built into the firmware. All one would have to do, is flash a new, malicious firmware with no safeguards, over USB, and then tell the printer to keep heating, leading to catastrophic failure. Of course there are other reasons to not have an OctoPrint instance available on the public internet, such as sensitive data theft, but catastrophic failure is by far the worst case scenario here.”
The post goes on to describe a number of ways users can remotely monitor their 3D prints using OctoPrint without putting the program on the public internet. The easy way, it says, is to use plugins, such as Polar Cloud, OctoPrint Anywhere, OctoPrint-DiscordRemote and Telegram.
“Remote access via a plugin is certainly the easiest way for you to access your instance and control/monitor your printer,” the post reads. “Unless you really know what you’re doing, this is very likely the method that you’re going to want to be using. There are a few different options available that accomplish remote access, without opening up OctoPrint to the rest of the world.”
More advanced users can also protect OctoPrint from abuse using advanced access methods, including VPNs and reverse proxies. If one of these workarounds is used, guest author Jubaleth recommends putting the VPN or reverse proxy onto a separate physical box connected to the 3D printer.
“All in all, there are many ways one can safely access an OctoPrint instance remotely, that do not involve blindly forwarding ports on your router and putting yourself at risk,” the post concludes. “Anything with the potential to burn down your house should be treated with the utmost care. It may seem more convenient to cut corners… but is it really worth it?”