The jury may still be out on the overall health dangers of e-cigarettes, but one thing has become abundantly clear: those devices pose a definite threat to one’s electronic equipment and data. This week, several media outlets reported that hackers are now using e-cigarettes as a method of infecting personal computers with malware and ransomware.
The story first broke last week on Sky News in the U.K. Ross Bevington, a cybersecurity expert, gave a presentation at the international hacker convention Security BSides in London, demonstrating how an e-cigarette – a relatively low-tech device – can be used to bypass a personal computer’s security software. Rechargeable e-cigarettes usually have a connection that allows the user to plug them into a USB port on a desktop or laptop computer. While this can be handy when no wall outlet is available, this also enables e-cigarettes to contain code that automatically and easily executes commands when a PC’s Autoplay feature is activated.
In a short video posted on Twitter, another hacker – who goes by the handle “FourOctets” – showed how such a cyber attack might be carried out. The moment he plugged his e-cigarette into a laptop running Windows 10, a script popped up, displaying tongue-in-cheek text: “DO YOU EVEN VAPE, BRO!!!!” Fortunately, in this particular case, that is as far as it went.
It’s not always so innocuous, however. There have been numerous stories recently of people who find a stray USB drive somewhere, take it home and plug it in out of curiosity – only to have their hard drives eaten, or their motherboards fried. Even worse, software on such a device can hijack a computer remotely, allowing a third party to steal personal data (go here to view a YouTube video on how this can happen).
Granted, an e-cigarette by itself is not capable of storing an entire malware or spyware program – but it is capable of storing enough code that could order a computer to download such applications from another location. Bevington also suggests that while most such security breaches happen when a computer is unlocked, it is possible that malware exists capable of getting through such barriers.
Human health concerns notwithstanding, it should be pointed out that the danger of cyber attacks does not come from e-cigarettes purchased new from the manufacturer. The device must be modified by a hacker before it is able to deliver malicious code. While it is preferable not to use e-cigarettes at all, if one must, it is best to use only new ones and not accept those obtained from friends or other individuals.