When I first heard that e-cig can be exploited as an effective hacking tool to infect a PC, I thought that it was someone’s fib. What does my vaporizer have to do with viruses? I made a small media research and found out that this scenario is quite possible. I also learned that it’s easy to protect your device.
How can your computer be hacked?
Electronic cigarettes are battery-powered devices. Many of them can be charged through USB. Users either directly plug the device into the current through a special adapter or connect it to a USB port on a computer. Here’s where the actual risk lies.
The researcher in the field of cybersecurity Ross Bevington had an interesting presentation at BSides London in 2017. He described how an electronic cigarette could fool the computer into thinking a mouse or keyboard is attached. However, this type of breach needs the targeted OS to be unlocked.
A hacker and security expert, registered on Twitter under the nickname FourOctets, uploaded a video that demonstrates such an attack. FourOctets plugs an e-cig into a USB port of his laptop, it lights up as a sign that an e-cig starts charging, and after a few moments, a phrase ‘DO U EVEN VAPE BRO!!!!’ pops up on the screen. The hacker had modified the vape by installing an additional microchip in it.
Such situations do happen in real life. A Reddit user under the nickname Jrockilla told a true story about an executive at some “big company” (the name was not specified) who had malware on his corporate computer despite having up-to-date anti-virus and anti-malware protection.
This happened in 2014. Malicious malware was found on the machine of one of the managers. None of the usual malware suspects were detected, so the manager was asked if he had recently connected any device to the computer. It turned out that the executive had charged an e-cigarette (see here). The IT professionals discovered the root of the problem as soon as they examined the charger which had malware on it. The device was manufactured in China and was bought for $5 on eBay.
Are things so serious? No panic!
Modern e-cigs are high-tech devices. They are made of quality materials that are best suited for the devices’ performance. They provide satisfying e vapor. And they are packed with a lot of features. Of course, I’m talking about the models that cost far more than $5.
Unfortunately, in the race for development of technologically advanced devices, manufacturers often overlook such an important aspect as security. It has been demonstrated that minor modifications can convert an electronic cigarette into a tool to hack a targeted computer.
FourOctets used less than 20 lines of code to force the computer to download a potentially dangerous file and run it. Longer codes are a no-go. E-cigarettes have too little space and won’t be able to host a complex code. For example, the size of The WannaCry malware is 4 to 5 MB. An e-cig’s memory simply has no room for this bulky 5MB file. Ross Bevington says that “this puts limitations” on real attacks.
The best ways to protect your OS
Ross Bevington warns that charging an electronic smoking gadget through a computer might have negative consequences for the entire system of a company. Most hackers pursue financial benefits. They are hunting for such valuable information as bank cards. Bevington thinks that business owners need to pay close attention to cybersecurity. He gives several safety tips:
- Frequent update of your OS and all other software is a must.
- It’s necessary to invest in some type of monitoring system that is designed to alert a security team when intrusion attempts occur.
- Be selective when it comes to connecting someone’s devices to your machine.
To protect your OS from the potential harm of e-cig, security specialists recommend buying an electronic cigar that doesn’t have a USB connection. Even if your device has this feature, use the charger for a wall outlet.
But what to do if you’re satisfied with your particular model and don’t want to look for another one? Or what if you get in a situation when you’ll have no other charging options that using a computer? You’ll have two options:
- Disable data pins on the USB and use only cable charge. This way, you’ll prevent an unintentional data exchange between two connected devices.
- Use a USB condom. It’s a simple gadget that prevents migration of any files from a USB port of an attached e-cig to a vaper’s PC or Mac. By the way, a USB condom can be used with any kind of technological device that is attached to a computer. The price of this little tech wonder is only about $10.
To increase your safety even more, IT specialists share the next tips that would protect you from malicious files from different sources, not just from an e cig vaporizer:
- Log out.
People often use their laptops or desktops while charging their devices. Being logged in and authenticated increases the chance of the malware’s success.
- Create strong passwords.
Avoid common passwords like “123456”, “11111111”, or “qwerty” that any hacker can easily crack. Think of something more complex.
- Try double authentication.
Advanced users choose two-factor authentication (2FA). At first, a user has to specify a password, as usual, and then enter the code sent via text message, or answer a “secret question”, or other option.
- Don’t follow extraneous links.
If you get an e-mail from unknown address or site, mark it as spam and don’t even open it.
- Be on the latest operating system that is updated and patched.
An up-to-date multi-layered internet security product will handle any kind of attack.
Buy e-cigs of respectable brands, don’t neglect safety, and the possibility of being hacked will become someone’s fib!