B-Sides, London’s recent cyber security conference, highlighted new research and innovation in cyber security and hacking. One interesting presentation by researcher Ross Bevington, showed how an e-cigarette could be used to attack a computer.
The presentation showed how the e-cigarette could interfere with the network traffic or deceive the computer to make it believe that it was a keyboard.
Similar to things like smart phones or fitness watches, electronic cigarettes and vaporizer cigarettes are battery powered but do need to be charged regularly. The e-cigarette can be charged via USB, by either plugging directly into a USB port or with a special charger.
Ross Bevington showed that you could actually be compromising your computer by simply charging a vape pen, which he demonstrated with just a few tweaks to the vaporizer.
By adding a hardware chip, it allowed the device to communicate with the computer in the same way a mouse or keyboard would. On this hardware chip there was pre-written script installed which when plugged into a computer, Windows opened up the Notepad application to display a message.
This showed that the pre-written script could start issuing commands to the unlocked device and it could potentially contain something malicious to attack your computer.
Mark James, ESET IT Security Specialist, discusses the potential harm this could cause and the best ways to protect your desktop.
“Hackers are always on the lookout for the next big opportunity to dupe the poor unsuspecting public.
“E-cigarettes have become extremely popular with a high number of them using USB dongles to charge.
“It is relatively easy to include extra hardware into the charger to enable communication with the endpoint device.
“From there it could compromise your machine or download malware directly to your desktop.
“In most cases when you are charging your device there’s a good chance you will be using your laptop or desktop i.e. logged in and authenticated, and the malware has a much higher chance of being successful in this state.
“If you want to stay safe from this type of attack consider using a power adapter to charge your devices, or if you’re going to use your computer then consider being logged out and try where possible to be on the latest operating system fully patched and up to date.
“Also, make sure you have a good updated multi-layered internet security product to catch any infection that may be attempted.
“Lastly, be wary of buying third party charging dongles if you lose or break your supplied one.”
How many devices to your charge using a USB from your PC? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.