Bambu Lab Security Update will remove OrcaSlicer’s Access
The update will require users to install the “Bambu Connect” network plugin in order to use 3rd party slicers and accessories.
Bambu Lab recently announced a firmware security update for its printers that would introduce an official “authorization control” system for critical printer operations. The update is presented as a way to mitigate the “risk of remote hacks or printer exposure issues that have happened in the past, and also lower the risk of abnormal traffic or attacks.”
The new firmware will not allow Bambu Lab printers to interface with popular 3rd party software or hardware upgrades such as Orca Slicer or BigTreeTech’s Panda Touch screen. Now, users will need to download “Bambu Connect” to act as a one-way go-between.
Users of Bambu’s house slicer, Bambu Studio, are unaffected by this update, which will continue functioning as expected.
Bambu Lab listed the following “critical operations” that will require authorization and therefore will not be accessible through 3rd party products:
- Binding and unbinding the printer.
- Initiating remote video access.
- Performing firmware upgrades.
- Initiating a print job (via LAN or cloud mode).
- Controlling motion system, temperature, fans, AMS settings, calibrations, etc.
This means if you use Orca Slicer you will not be able to remotely detect the type or color of filament in your AMS, monitor your prints in the Orca Slicer device tab, or change the speed or hotend temperature. You will have to manually coordinate your filament colors before painting a model, send gcode through Bambu Connect’s interface and stand in front of your printer to manually change the speed or temperature. Bambu Lab said you can monitor – but not change – these functions through Bambu Connect. The go-between program did not launch with access to the webcam, so if you want to watch your first layer go down, you’ll need to physically lay eyeballs on your printer.
Bambu Lab’s blog posts state these changes are necessary to protect your printer from bad actors on the internet who could maliciously hack your machine. “By ensuring that all interactions with the hardware — such as moving axes, heating components, or performing other critical actions — are verified and secure, we can minimize risks and prevent potentially dangerous situations.”
The blog post went on to say that Bambu Lab has experienced targeted DDoS attacks and has seen up to 30 million unauthorized requests per day, which creates unwanted strain on their infrastructure. These “unauthorized” requests could be from Orca Slicer and Panda Touch users. The infrastructure in question is Bambu Lab’s Cloud Service, which acts as a bridge between your computer and the 3D printer.
Notably, the new firmware will also prevent Orca Slicer and other 3rd party systems from accessing your 3D printer over a private LAN. Bambu Lab states that even in LAN mode, your printer could still be vulnerable to hackers, especially if connected to a public network. “3D printers have complex moving parts and heating elements that pose a high risk if unauthorized people with ill intentions gain access to them. The results of such unauthorized access can be severe, and we take safety very seriously. To avoid the printer being in an unknown situation, we uniformly manage the authorization and control of all accesses to avoid potential risks,” the company said in its blog post.
Many members of the 3D printing community are not accepting the update at face value and are calling it a power grab to force users into a Bambu Lab walled garden.
The beta version of the new firmware is currently available for X Series 3D printers, with updates for the P Series and A Series to follow. Firmware updates are of course optional, and as we reported in April, Bambu Lab will stop updating the X1-Carbon in 2027. A new flagship printer is on the horizon, with Bambu Lab announcing a release date for the mystery machine in Q1 2025.
Denise Bertacchi is a Contributing Writer for Tom’s Hardware US, covering 3D printing. Denise has been crafting with PCs since she discovered Print Shop had clip art on her Apple IIe. She’s been a freelance newspaper reporter, online columnist and craft blogger with an eye for kid’s STEM activities. She got hooked on 3D printing after her son made a tiny Tinkercad Jeep for a school science project. Excited to learn more, she got a Creality CR10s and hasn’t looked back. She loves reviewing 3D printers because she can mix all her passions: printing, photography and writing. When she’s not modding her Ender 3 Pro or stirring glitter into a batch of resin, you’ll find her at the latest superhero movie with her husband and two sons.
USAFRet
"will remove" is very different than "install this plug-in to continue"
Security updates happen. With everything.
SparklyIO
Balance between security and freedom is an interesting way to sell it... this smacks of "justification". At least Bambu gave a heads up, unlike Chamberlain last year. Though, avoiding updates isn't exactly a long term strategy. I love controlling my Neptune 4 via Home Assistant, integrating control with smart plugs and other sensors. Is there an open source Bambu firmware, similar to OpenNeptune?
USAFRet
SparklyIO said: Balance between security and freedom is an interesting way to sell it... this smacks of "justification". At least Bambu gave a heads up, unlike Chamberlain last year. Though, avoiding updates isn't exactly a long term strategy. I love controlling my Neptune 4 via Home Assistant, integrating control with smart plugs and other sensors. Is there an open source Bambu firmware, similar to OpenNeptune?
If they had discovered vulnerabilities with 3rd party software and did NOT do anything about it, there would be an outcry.
toffty
Another manufacturer stealing the freedom of users
https://www.youtube.com/watch?v=aIyaDD8onIE
USAFRet
toffty said: Another manufacturer stealing the freedom of users
Please describe, in your own words, how this is 'stealing the freedom of users'.
toffty
USAFRet said: Please describe, in your own words, how this is 'stealing the freedom of users'.
The video does it better but in short, this update prevents users from using 3rd party applications on or to use their printers and requires a connection to the Bambu servers for every print. We (should) all know how bad that is.
USAFRet
toffty said: The video does it better but in short, this update prevents users from using 3rd party applications on or to use their printers and requires a connection to the Bambu servers for every print. We (should) all know how bad that is.
prevents, unless they update to the newer firmware.
v1.08.xxxx
And printing via LAN or microSD is always available.
toffty
Bambu is also not working closely with developers and are flatly refusing to help them by giving them access
https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecomment-2599741800
Looks like the VCs are wanting their money and subscriptions are soon to come. So glad I did not buy one of Bambu's printers. Another company bites the dust.
People need to be aware of this as they are buying / not updating firmware
USAFRet
Not a perfect solution, but Bambu Connect:
https://wiki.bambulab.com/en/software/bambu-connect