News broke last week that E-cigarettes can be used to hack computers!
Many E-cigarettes are chargeable via a USB, either by directly plugging the device into the USB port, or through the use of a charging cable- that seems innocent enough, right? Security researchers, however, have now warned that this simple act can actually compromise your computer- with just a few very simple tweaks to the vaporizer.
Security researcher, Ross Bevington showcased the concept at Bsides London, revealing how the device could be used to fool the computer into thinking it was actually a keyboard, or by interfering with its network traffic.
As Mark James, Security Specialist at ESET explains; ‘hackers are always on the lookout for the next big opportunity to dupe the poor unsuspecting public- E-cigarettes have become extremely popular with a high number of people using them. As USB dongles are used to charge the devices, its relatively easy to include extra hardware into the charger to enable communication with the endpoint device. From there it could compromise your machine or download malware directly to your desktop; in most cases, when you are charging your device there’s a good chance you will be using your laptop or desktop i.e. logged in and authenticated, and so the malware has a much higher chance of being successful in this state.’
Adam Brown, manager of Security Solutions at Synopsys also adds: ‘”Last year the University of Illinois and University of Michigan published research that showed if a hacker deliberately dropped a USB stick (which could have malware on it) there was a 50% chance that someone would pick it up and plug it into a computer. As Bevington’s recent research shows a vape pipe could easily be modified to work as any kind of peripheral device when plugged in, and so could be used in a similar way to either deliver a payload or perform some other malicious activity while plugged in. Potentially a vape pipe given away would very likely end up plugged in to a computer for charging and so would be an effective device for a targeted attack on a known vaper.’
The good news for vapers everywhere however, is that there are ways to prevent yourself from becoming a victim to this kind of attack, as Mark James points out: ‘if you want to stay safe from this type of attack, consider using a power adapter to charge your devices, or if you’re going to use your computer, then consider being logged out. Try, where possible, to be in the latest operating system- fully patched and up to date. Also make sure you have a good updated multi layered internet security product to catch any infection that may be attempted- be especially wary of buying third party charging dongles if you lose or break your supplied one.’
