> Right now, the printer's local MQTT server can only be accessed from the local IP using an 8 digit password obtained through through the physical display.
The problem is hackers don't need to play by the rules (accessing the display).
8 digits that never change is a joke in terms of security, it could be brute-forced within hours/days by sending a network request for each possible combination.
mitm: afaik Bambu Studio/Connect/Handy validate the printer's certificate during the TLS handshake, but most third party software probably doesn't (barely found documentation about it).
And there are a few other (although not as fundamental) weaknesses like no mutual authentication, access control or revocation of specific clients. Due to the nature of MQTT, every client can see messages sent by other clients once authenticated.
ppl always get caught up on the x509. They're actually a good thing and are absolutely necessary to prevent mitm since they use self-signed certs.
BambuStudio also works that way.
The issue is introducing further measures which don't provide any security benefit to the user (can be spoofed): only allowing critical commands from BambuConnect.
That's why any sane software uses a stable public API and an internal one that can be closed off or has breaking changes all the time.
> MQTT has no versioning and limited hierarchy in the pub / sub model
It's currently handled like this: https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md. Would it be a far stretch to add an "api_version":x field and a "internal_" prefix for some commands?