Firmware Update Introducing New Authorization Control System

Launching first for X Series printers, with P and A Series updates planned for future release

Bambu Kidd

8 min read
Firmware Update Introducing New Authorization Control System

As part of our ongoing commitment to enhance the overall security of our products, we are introducing an authorization and authentication protection mechanism for the connection and control of Bambu Lab 3D printers. This step is a significant security enhancement to ensure only authorized access and operations are permitted.

This change is mitigating any risk of remote hacks or printer exposure issues that have happened in the past and also lower the risk of abnormal traffic or attacks

Introduction of Firmware and Software Updates

Starting January 16th, users will have access to the beta firmware, with the official release expected to follow on January 23rd:

  • New firmware update for X1 Series 3D printer (version 01.08.03.00 or above).
  • Corresponding new versions of Bambu Studio (version 01.10.02.64 or above) and Bambu Handy (version 2.17.0 or above).

These updates will introduce authorization controls that require official authorization for critical printer operations. Furthermore, unauthorized third-party software will be prohibited from executing critical operations.

During this transition, we're working closely with our integration partners to ensure a smooth migration to the new security framework. Our team will provide comprehensive documentation and support to assist with any necessary adjustments.

Critical Operations That Require Authorization

The following printer operations will require authorization controls:

  • Binding and unbinding the printer.
  • Initiating remote video access.
  • Performing firmware upgrades.
  • Initiating a print job (via LAN or cloud mode).
  • Controlling motion system, temperature, fans, AMS settings, calibrations, etc.

Operations That Do Not Require Authorization

The following actions will remain unaffected by the authorization mechanism:

  • Sending status information from the printer (e.g., MQTT status push for tools like HomeAssistant).
  • Starting a print job using SD cards.
  • General operations outside the listed authorization controls.

Important Information for End Users

To ensure seamless usage, please note the following:

  1. Updating the Firmware with Authorization Features:
    If you upgrade your printer to the latest authorization-controlled firmware, you must also update Bambu Studio and Bambu Handy to their latest versions simultaneously. Failure to do so may result in certain printer controls becoming unusable.
  2. Old Firmware Option:
    Users who decide to use an older firmware version can still use the previous or new versions of Bambu Studio and Bambu Handy without restrictions.

Network Plugin for Third-party Slicer

Network plugin API for Third-party slicing tools (e.g. OrcaSlicer) based on open-source Studio development will no longer be able to utilize Studio’s network plugin API for authorization control. For these users, Bambu Connect client software will act as a replacement. This new software removes slicing functions while enabling remote control and print initiation.

About Bambu Connect Client Software

To make the experience more secure for our users, but still keep access to printer control using other slicer, we are providing a new software tool called Bambu Connect.

Bambu Connect is an intuitive and efficient tool designed to seamlessly link with Bambu Lab 3D printers. It securely transmits sliced Bambu Lab G-code and 3MF files to your printer, ensuring a smooth and reliable printing experience.

Currently, Bambu Connect is in beta, and we are still working on adding new features for it. We welcome everyone's suggestions and feedback.

Important Information for Partners

We advise our partners to pay close attention to the following:

  1. Please pay attention to the user restrictions outlined above, for end users.
  2. Bambu Lab will release technical documentation, new software, and offer support to assist partners in adapting their systems and developing software solutions compatible with the new X Series firmware and authorization controls. For access to our technical documentation, please email devpartner@bambulab.com.
  3. Partners can maintain or downgrade their firmware versions until technical updates are fully implemented.

Information for OrcaSlicer users

  1. You can continue using your X Series 3D printer with the older firmware version (which does not include Authorization Features).
  2. If you choose to upgrade to the firmware version with Authorization Features, you must download and install Bambu Connect (a printer control software) from the official website. After installation, you can export sliced .3mf files from OrcaSlicer and open them with Bambu Connect. This software allows you to send the files to your printer and monitor print progress.

Information for users of third-party software or hardware accessories

  1. To control your X Series printer using third-party software or hardware accessories, it is recommended to keep your printer on the older firmware version (without Authorization Features). Upgrading the firmware will prevent third-party software or hardware from controlling the printer.
  2. If you upgrade to the firmware with Authorization Features, you will only be able to monitor print progress and status (e.g., status updates in HomeAssistant).

Future Implications

All future Bambu Lab printer models will integrate authorization control technology as standard to ensure the highest levels of user security and printer protection moving forward. We acknowledge that these changes may introduce additional effort and workload. However, through our joint efforts and cooperation, we believe we can improve the security, quality, and user experience of Bambu Lab’s 3D printing products and services.

If you have any technical questions about the new authorization features, please contact devpartner@bambulab.com.

We greatly appreciate your support and collaboration.

FAQs

Why is this change needed?

This security update is necessary to enhance the overall security of your printer. By ensuring that all interactions with the hardware—such as moving axes, heating components, or performing other critical actions—are verified and secure, we can minimize risks and prevent potentially dangerous situations. Additionally, over the past year, we've detected an increase in the number of requests made to our cloud services through unofficial channels. These incidents have included significant abnormal traffic patterns and, in some cases, targeted DDoS attacks that have impacted service availability. Our monitoring systems have detected peaks of up to 30 million unauthorized requests per day, creating unnecessary strain on our infrastructure.

Why does it need to be enabled in LAN mode as well?

One of the key points of this security upgrade lies in the improvement of the network security capabilities on the printer side. The printer's LAN mode is a working mode we defined in which the printer does not connect to the cloud service, and usually only the client software in the same local area network can access the printer. However, please note that even when the printer is in LAN mode, the network environment in which the printer is located may still be connected to the public network, and other malicious software may still be able to remotely access the printer. In addition, other networked devices or software in the local area network may not be secure, such as Trojan horse software or other backdoor software, which may run on computers or handheld devices, or may also run in embedded devices.

In the above two cases, the printer may still be attacked from the outside, or even remotely. 3D printers have complex moving parts and heating elements that pose a high risk if unauthorized people with ill intentions gain access to them. The results of such unauthorized access can be severe and we take safety very seriously. To avoid the printer being in an unknown situation, we uniformly manage the authorization and control of all accesses to avoid potential risks.

Does this mean I won’t be able to use Orca Slicer in the future?

Bambu Connect enables integration with third-party software, such as Orca Slicer by using the file transfer method shared in the wiki. Before announcing this change publicly, we shared it with the lead Orca Slicer developer to ensure alignment and collaboration. Moving forward, we remain committed to working closely with them and other partners to facilitate the integration of Connect software, creating a smooth and hassle-free experience for all users. We previously highlighted these upcoming changes in an earlier blog post, where we clarified that we cannot guarantee long-term support for aftermarket software or hardware that interacts with the printer or its heating elements.

Our team is actively working on submitting the integration code for Bambu Connect. Once submitted, it will be up to Orca to decide when and if to incorporate it into the slicer, enhancing the user experience. We anticipate the code will be available on GitHub within the next few days, ready for integration into the Orca codebase.

What happens if I forget my Bambu account or email? Will my printer stop working?

No, the printer is not locked to a specific email or account. If you forget your email credentials, you can easily sign out directly from the printer's menu and link it to a new account. Alternatively, our customer support team is available to assist you with password recovery if needed.

I am using Bambu Studio. How does this impact me? 

If you're using Bambu Studio, there will be no impact—everything will continue to function just as it did with previous firmware versions.

Can Orca Slicer access or read printer information? What functionalities does Orca Slicer have without Bambu Connect?

OrcaSlicer and similar software are unofficial client applications developed using the open-source Bambu Studio and proprietary network plug-ins. These tools can connect to the printer via the cloud or LAN mode. As part of this security upgrade, we have enhanced the network plug-in's security by verifying the software signatures of callers accessing certain APIs and key printer functions. This means unofficial software will no longer be able to use these restricted APIs or parameters. The restricted functions in this Bambu Studio Network Plugin update include:

  • Binding/unbinding the printer
  • Initiating a print job
  • Controlling printer axis movements
  • Performing calibrations

However, other features, such as monitoring printer status (e.g., temperature, position, speed) and LED control, remain accessible. Manual firmware updates using MicroSD card will also continue to be available. Moving forward, unofficial software can explore integration using the updated network plug-in library. For restricted functions like binding/unbinding, printing, and axis control, these can still be executed through Bambu Connect via the URL Scheme method described in the Bambu Connect wiki but in the future, the restrictions might change depending on various security situations or product design evolution. 

I am using Home Assistant to control my printers. Will this still work?

After updating to the latest firmware with enhanced security controls, full control of printers via Home Assistant will no longer be possible. While Home Assistant will still be able to access some printer information, certain functionalities will be limited.

It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities.

What happens if I never upgrade to this firmware? 

You may continue using an older firmware version that does not include the new security updates; however, this means the printers may miss out on important security fixes or bug patches included in newer versions. We highly encourage updating to the latest firmware version for the best experience and enhanced security.

Will aftermarket accessories stop working? 

If aftermarket accessories, such as Panda Touch, control features like binding/unbinding the printer, initiating print jobs, axis movement, or calibrations, these functions will no longer work. However, other features, such as monitoring printer status (e.g., temperature, position, speed) and LED control, will remain accessible.

In these cases, we cannot guarantee long-term support for unofficial accessories unless they have been approved by us in advance. Once we became aware of the Panda accessories, we communicated these updates to their creators.

That said, we welcome official collaborations with companies interested in developing accessories for Bambu Lab printers, as we have successfully partnered with other companies in the past, including E3D and Slice Engineering.

Read more