Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

Bambu Lab Authorization Control System

From Consumer Action Taskforce
Jump to navigation Jump to search

On 2025-01-16, the 3D printer manufacturer Bambu Lab announced that future firmwares for their 3D printers would introduce an authorization and authentication protection mechanism for their connection and control, in the name of security ("to protect against remote hacks, printer exposure" and other attacks)[1][2].

While some functionality still remains unauthenticated like in the previous firmware versions (sending status information from the printer over the network, starting a print job using SD cards), the most important ones (initiating a print via LAN or cloud mode, remote video access to follow the advancement of a print, controlling motion system, temperature, fans, AMS settings, calibrations, etc.) will require to use a new closed source client called Bambu Connect[3].

Previously, 3rd-party software such as OrcaSlicer[4] would interact with Bambu Lab printers via the open-source Bambu Studio and proprietary network plug-ins. While Bambu Connect provides an API to initiate prints, a lot of functionality previously openly available is now gated behind the closed source Bambu Connect[5].

The manufacturer suggests to customers wanting to keep the old behaviour to keep their printer on the older firmware versions without the authentication framework. This won't be an option for consumers buying new printers shipping with the locked down firmware in the future.

Customers reactions are negative[6][7]. Bambu Lab is known for heavily pushing its cloud to interact with its printers to its customers, while offering a limited LAN mode[8], some customers assert that the security issues this locked down firmware will counteract are in fact a consequence of this choice[9].

References