The manufacturers of Electronic cigarette highlight the benefits to letting you lead a stress-free and healthy life, what they certainly do not highlight was that the device could be used for malware distribution as well.
It’s amazing what hackers can do these days. When it comes to malware, they prefer sending malicious attachments in an email but times have changed and these threat actors are coming up with new ways to target their victims. One of the new ways requires an e-cigarettes or a vape pen and some modification to convert it into a hacking tool and infect a targeted computer.
Security researcher Ross Bevington (@FourOctets on Twitter) had a presentation at BSides London that showcased an e-cigarette attacking a computer by tricking it to believe that it was a keyboard. It was also able to hack the computer by interfering with its network traffic.
It is done because most of the e-cigs come with a rechargeable lithium-ion battery, which can be plugged into a cable or directly connects to the USB port of a computer.
In a conversation with Sky News, Bevington said that:
“He had modified the vape pen by simply adding a hardware chip which allowed the device to communicate with the laptop as if it were a keyboard or mouse – A pre-written script that was saved on the vape made Windows open up the Notepad application and typed “Do you even vape bro!!!!”
It is unclear what kind of malware infection can be done through the e-cigarettes however based on WannaCry malware attack one can expect the worst, therefore, require to be careful while using e-cigarettes or vape devices on their computer.
This is not the first time when news regarding e-cigarettes infecting computers has come out. In 2014, a company executive had their computer infected with malware and no amount of cleaning, robust security or anti-malware protection was able to thwart the data compromise. The IT security experts failed to nail the problem and decided to investigate if the executive routine had any changes.
It was then that they found out that the executive had switched to e-cigarettes in an attempt to quit smoking and lead a healthy life. The IT experts discovered that the charger of the e-cigarette was compromised and the moment it was connected to the computer, the malware would connect it to a remote server and download the malicious software.
To avoid such risks, it is advised to disable data pins on the USB and keep only cable charge to prevent any information exchange between the devices it connects. Alternatively, use a USB Condom, a gadget that connects to USB and makes data pins ineffective.