Bambu Lock Down
Bambu is locking its printers down further in a coming update. The biggest impact is likely for users of Orca Slicer and the question I have is; why?
I have some theories. Bambu Lab cites security. A lot of people are calling BS. My thoughts? I'm not sure. It is possible. If so, it would largely be a problem of their own creation. The BL approach of sending all print jobs through the cloud unless you're using LAN Mode puts a burden on their cloud and also makes them the most interesting attack vector. Perhaps they are seeing an increase in load which they do not believe coincides with an increase in legitimate activity. This may be increasing their costs to operate the cloud portion of the service.
This is hard to substantiate. I haven't heard anything to indicate such attacks are happening. However, if they have a good cyber security team it is also possible that they are detecting failed attacks or attacks are not being publicly reported widely enough or they are being mis-categorized. Under the mis-categorization group could be things like prints being mysteriously cancelled mid-print. These could actually be successful hacks which people are thinking are merely cloud or printer blips.
That being said, I don't get why these changes would also apply to LAN Mode though. Cloud transfers to the printer are ALWAYS going to be inherently less secure than local transfers. It is possible that they will relax some of this in the future. Though, that will depend on community reaction (do people actually revolt with their wallets by buying the competition) and the truth of the matter. If it is really just about security that is.
Other reasons could be things like metric collection. I know Orca Slicer sends through the cloud though. So, this seems less likely. Perhaps they need/want metrics from the slicer itself though or perhaps Orca Slicer sends less details. I don't honestly know at the moment.
The sketchiest part of the whole ordeal to me is the new Bambu Connect app. This means that in addition to every existing BL app continuing to work with both Cloud and LAN Mode, there is now a 3rd app. Which in turn would imply that it is pretty trivial for them to add support for this new Authentication Model. Also, the speed with which this rolled out tells me that they have some decent software engineers (or very stupid PMs).
You don't generally make a hard cut like this all at once in software. This sort of thing can be a pretty large gamble. It needs to go off perfectly. You can't make authoritarian moves like this AND screw them up.
Leading from that, the final theory is a little more grim; government interference. In essence, BL is pushing this HARD as something which doesn't stop you from using other slicers. But it only allows you to do this in way which now forces you to install at least one piece of BL software into your network unless you're willing to manually copy files to the SD card.
While I can understand how a firmware update that makes the printer more secure could break prior integrations, I can see no reason why even local transfers would require the use of 1st party tooling to authenticate. BL can add as many layers of protection as they want to their cloud service, but a proper authentication mechanism works just as well locally as it does through the cloud and requires no gatekeeping. The problem with gatekeeping is that your "gate" becomes the single point of failure.
Good device encryption means that agreements are made between the device and the user agent communicating with them and those details are shared with no one. This is inherently more secure than whatever the heck BL is implementing.
- If Bambu Connect needs to connect to BL services when issuing these commands then a true local or LAN only mode no longer exists and there is still a single point of failure in their cloud.
- If it doesn't connect to BL services then it means that the new auth method uses a Root CA or similar and there is once again, a single point of failure.
Comments
Post a Comment