Cura: Online printer safety

Created on 1 Sep 2017 · 7 Comments · Source: Ultimaker/Cura

Having a UM3 at work, anyone who has Cura installed and physical access to the printer can connect to the printer without further restrictions such as, e.g., an admin password.
This is a huge safety risk since nobody has an overview of the people with access, and the number of people can grow any time someone easily connects to the printer. This can lead to confusion, misunderstandings and (un)intentional aborts of prints.

If the user asking for permission to the printer is denied, the Cura live print window blocks the printer controls but still shows the online printer camera image. This is logically another safety issue, since anyone, even denied users, can see what is being printed. Denied users shall have complete blockage from using or viewing the printer.

All 7 comments

If someone has physical access to a printer, there is no way to prevent them from getting any form of access (e.g., just putting a USB drive in there also allows the user to start prints).

This can happen even if someone had access to the printer once (with a bit of luck). Then he gains remote access and the ability to control the printer.
The printer is placed in a room with limited access, and I don't want to be paranoid, but now almost anyone who is let in for whatever reason can have full control of the printer.

The second part of the issue is also concerning, since anyone on the same network may see what the printer is printing. A situation where the printer in a limited-access area is printing confidential stuff and anyone can see it is worrying for me.

You could put your UM3 on a separate network or even on a VPN.

There's no guarding against physical access, of course. One security issue that I know of is that we never deprecate keys, so accessing someone's computer that has an authenticated key to some printer will give the attacker access to that printer indefinitely. It would be better to give the keys a lifetime of, say, 3 months, or at least to provide a way to invalidate keys that are known to be stolen (other than via developer mode).

We've considered whether to protect the camera image. In the end, the usefulness of being able to recognise a printer through its camera image won over the security issue of finding personal information in the camera image. The camera is only looking at the inside of the printer, so the user's room is not visible, was the argument. I don't think it was considered though that a user might be printing a giant spiked dildo and so the actual insides might be private as well...
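
The key lifetime and revocation suggested in the comment above, sketched as an added example that is not part of the thread and not Ultimaker's code. `PrinterKeyRegistry` and its methods are hypothetical, and "3 months" is taken as 90 days.

```python
import hashlib
import hmac
import secrets
import time

KEY_LIFETIME = 90 * 24 * 3600  # "say, 3 months", taken as 90 days (assumption)


class PrinterKeyRegistry:
    """Hypothetical printer-side store of authorized client keys."""

    def __init__(self, lifetime=KEY_LIFETIME):
        self.lifetime = lifetime
        self._keys = {}  # key_id -> [sha256(secret), issued_at, revoked]

    def issue(self, now=None):
        now = time.time() if now is None else now
        key_id, secret = secrets.token_hex(8), secrets.token_hex(32)
        self._keys[key_id] = [hashlib.sha256(secret.encode()).digest(), now, False]
        return key_id, secret  # only the digest is kept on the printer

    def revoke(self, key_id):
        if key_id not in self._keys:
            return False  # unknown id, nothing to invalidate
        self._keys[key_id][2] = True
        return True

    def check(self, key_id, secret, now=None):
        # Returns "ok", "unknown", "revoked" or "expired".
        now = time.time() if now is None else now
        entry = self._keys.get(key_id)
        presented = hashlib.sha256(secret.encode()).digest()
        if entry is None or not hmac.compare_digest(entry[0], presented):
            return "unknown"
        if entry[2]:
            return "revoked"
        if now - entry[1] >= self.lifetime:
            return "expired"
        return "ok"


def demo():
    # Constructed scenario: one key ages out, another is revoked after theft.
    reg, t0 = PrinterKeyRegistry(), 1_504_224_000  # constructed timestamp
    aged = reg.issue(now=t0)
    stolen = reg.issue(now=t0)
    reg.revoke(stolen[0])
    return [reg.check(*aged, now=t0 + 3600), reg.check(*aged, now=t0 + KEY_LIFETIME),
            reg.check(*stolen, now=t0 + 3600), reg.check(aged[0], "wrong", now=t0)]
```

A stolen copy of a key stops working either when it is revoked or, at the latest, when its lifetime runs out, which bounds the "indefinitely" described in the comment.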

I'm just printing... for a friend

Do we still think this is an issue?

As an industry standard, some kind of protection is a must (like all company PCs need to use passwords to log in). The level of protection vs. physical access to the printer is however debatable. You can close this issue for now; once I come up with a better safety strategy, I will open another issue.