Not a day goes by, it sometimes seems, that we don’t hear about another way that hackers can attack our systems and steal our information. Keeping a system locked down and secure can seem like an impossible task when it can be vulnerable in ways that we’d never suspect.
One recent example is some work done by researcher Ross Bevington, who showed that the seemingly innocuous and decidedly low-tech e-cigarette can be used to break into a machine, as ExtremeTech reports. Don’t panic yet, however, because it’s not the vaporous aspects of e-cigarettes themselves that are at fault.
Bevington demonstrated the method of attack using an e-cigarette in a video that he shared on Twitter:
Sorry if I get vape pens banned at your work place…… pic.twitter.com/VYhIIvyDEx
— Wll buy derby ticket (@FourOctets) May 25, 2017
Basically, e-cigarettes require power to function, given that they heat up liquids to create vapors that users inhale as a substitute for burning tobacco. As with many devices today, some rechargeable e-cigarettes come equipped with USB connections to draw power from PCs. That USB connection provides a handy way to keep vaping when you can’t get to a wall socket.
The problem is that any device that can plug into a USB port can hide electronics that can host malware that executes commands when plugged in and wreak havoc on a system. PCs have been designed to make it easy to run programs when USB drives are plugged in and that very convenience can make a system vulnerable to attack. The problem is so severe that some people are making tools that sit between a USB port and the outside world, forming an elaborate barrier.
Of course, e-cigarettes aren’t dangerous out of the box, and if you only use ones that you’ve purchased and don’t let random people plug theirs into your PC, then you’re probably safe. Rather, the real concern is that you could acquire an e-cigarette from a sketchy source that’s been modified to include PC-like smarts.
USB-based malware attacks are nothing new, nor are tools that can literally fry a motherboard merely by plugging in what looks like a typical USB flash drive. While modern systems do have some safeguards built in to stop code from executing, plenty of examples exist that enable these systems to be bypassed. The simplest response is to follow a strict policy of never plugging anything into your USB port if you’re not 100-percent certain it’s safe — and that includes waiting until you get to a plug before charging up your e-cigarette for a quick fix.