Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Bambu private keys leaked less than 24 hours after announcement
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
In January 2025, [[Bambu Lab|'''Bambu Lab''']] introduced an authorization control system<ref>[https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/? https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/?]</ref> for its X1-series 3D printers, aiming to enhance security by restricting critical operations to authorized applications, notably their own "Bambu Connect" app. As part of this change, certificate files and private keys responsible for decrypting communications were stored in the code of the updated software files. ==Private keys found== Shortly after this implementation, security researcher [hWuxH] successfully extracted the X.509 certificate and private key from the Bambu Connect application. The application, built on the Electron framework, employed obfuscation techniques to protect its code. However, these measures proved insufficient, allowing the de-obfuscation of the main.js file and the exposure of sensitive cryptographic materials.<ref>https://hackaday.com/2025/01/19/bambu-connects-authentication-x-509-certificate-and-private-key-extracted/</ref> ==Company's response== Bambu Lab clarified that the firmware update was optional and emphasized their commitment to maintaining an open ecosystem. They introduced a "Developer Mode" to facilitate continued use of third-party applications, acknowledging the community's desire for flexibility while balancing security considerations.<ref>https://www.theverge.com/2025/1/21/24349031/bambu-3d-printer-update-authentication-filament-subscription-lock-answers</ref> ==References== {{reflist}} [[Category:Bambu Lab]]
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
Template:Reflist
(
edit
)