Hello, welcome to the Thursday, August 30th, 2018 edition of the Santernet Stormsanders Stormcast.

My name is Johannes Ulrich and I'm recording from Sevalde, Germany.

We got a little bit more detail on these exposed octoprint 3D printers.

Now, many of them apparently do have cameras attached so that gives

an attacker full access to the camera. Typically these cameras are used to watch the 3D printing

happen. Also some users then stream the 3D printing process to YouTube.

So you may also expose YouTube credentials, for example, on these printers.

There is also one potential destructive attack that we heard about about printers connected

via octoprint, and that's just to overheat the printers and cause

a fire. That's highly dependent on the exact printer hardware being used. Some printers have

protection circuits that will prevent that from happening. Xavier posted a little bit more about

this with screenshots and some sample Gcode files and so that can

be downloaded via octoprint. That's probably the most direct and most common way this could be

exploited, just stealing intellectual property essentially from these 3D printers.

Like I mentioned yesterday, don't expose them if you want to proactively search your network for

any octoprint connected printers that may exist.

They'll look for open port 5,000.

That's where the web GUI usually listens on.

And Composer is a package manager that's very popular with PHP. It for the most part

relies on packages, which is the repository where PHP packages tend to be deposited,

that Composer then loads. So a very popular repository of packages that sadly

was vulnerable to remote code execution. Sadly the exploitation of this vulnerability was

...