Designers beware: Real-time 3d viewers can easily be hacked.

After Manuel Poehlau expressed a desire for a better presentation of his gorgeous 3d printable designs, he showed the real-time 3d viewer by Sketchfab as an example.

A discussion with fellow designers ensued about the security of such real-time 3d viewers. As most thought security was low, and I had just read the story about the hacking bride, the one who hacked and downloaded a model from Shapify, I wanted to give it a try myself.

Lunch time.

Manuel had posted a model to Sketchfab without the download option enabled, so I decided to see if I could rip that model from the 3d viewer.

Screen capture of Sketchfab viewer

Well, I managed to do it in under an hour during my lunch-break. And I now have a small program that allows me to rip other models as well. (But I won’t.)
I encountered no real trouble in locating the data files and textures: They were easily grabbed from the page source code. Conversion was a matter of reading the helpful and descriptive JS files used to show the 3d model and tada:

Showing a Plane model ripped from Sketchfab

After I showed this to Manuel he promptly removed his model. Which is understandable, as he did not expect this was so easy.

Better safe than sorry

Real-time 3d viewers really are a great option to show of your work from all sides, and I truly love the 3d viewer at Sketchfab!

But be aware that they do not really protect your content from being downloaded, even if the download option is not enabled.

Secure options may exist, but until you are sure about this, I would advice against using real-time viewers for your most precious designs. As the source files are essentially up for grabs.

About the Author

Stijn van der Linden is a professional 3d printing designer and owner of studio Virtox.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.