Talk:Reverse engineering Bambu Connect
As seen on Louis Rossmann! https://www.youtube.com/watch?v=UYhYkpYpt58 JamesTDG (talk) 10:28, 20 January 2025 (UTC)
Confusion from tech-illiterate regarding this article
I am relatively tech-illiterate, so I have a couple of questions that this article does not cover.
First, this is probably a basic question, but why is there a private key hard-coded into the device? I know almost nothing about encryption, but I assumed that the private keys were supposed to stay on the server in order to magically sign updates. I thought that authentication of the signature was supposed to be done through public keys or something. Am I mistaken about this? Or do private keys need to be hard-coded into the firmware of the device?
Second, now that this has happened, what does Bambu need to do in order to change the private keys?
Third, how exactly does the consumer take advantage of this? Are they able to connect their own server to push their own updates to the device? If so, how would they go about doing that? The guide does not tell tech-illiterates like me how to do it.
Fourth, with this ability to get the private keys, are there ways that bad actors can use this to push malicious updates to any of these printers that are connected to the internet? If so, does everyone need to disconnect their 3D printer from the internet immediately in order to not get infected? Or is this not the case? And if malicious actors can now hack into these printers thanks to the instructions presented in this article, is this a net negative for the consumer, rather than a net positive, even for a consumer who wants to truly own what they bought and paid for?
These are probably all basic questions, so please forgive my confusion and ignorance.