My twin brother by another mother, Mike, sent me the following update about e-cigarettes.
“Oh, I just read that the new e-cigarette can give a PC a virus. They need to be charged up to make the vapor stuff, and they charge via USB. And most are made in China, so the charger has a built-in virus. Nice of them, no extra charge. No pun intended. Anyway, now smoking fake cigarettes can be harmful to your PC.”
Mike knows this stuff: he’s a certified network engineer and a security specialist. He keeps up with all the current threats. I went looking for details.
A story on social news site Reddit says that at least one “vaper” has reported the downside of trusting their e-cigarette manufacturer. An executive discovered a malware infection on his office computer. The source could not be determined. After all traditional sources of infection were investigated the I.T. department started looking into other possibilities.
The executive’s e-cigarette was charged by a USB cable, so it could be plugged into a computer to juice up. They checked the charger and found malware hardcoded into the device. Plug the e-cig into a computer and it transferred the malware installer.
Trojan E-Cigarette
The web site DailyMail.Co.UK reports the hacker, known online as Jester, predicted this trend in March, and said the problem could spread to other devices.
“All those desk toys, like the coffee warmer, and the mexican jumping bean thing, all those ‘office toys’ you can get from ‘thinkgeek.com’ and similar, that only come with a little USB plug you have no choice but to drop in your PC (whichever PC you are near) they are all made in China,” he said.
Rik Ferguson, a security consultant for Trend Micro, says the story is entirely plausible, and something similar has already infected many household gadgets.
“Production line malware has been around for a few years, infecting photo frames, MP3 players and more,” he told the Guardian.
A recent proof-of-concept attack called ‘BadUSB’, involves reprogramming USB devices at the hardware level, meaning ‘safe’ gadgets could be turned into hacking tools.
“Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming,” says Berlin-based firm SRLabs, which released the code.
“This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” SRL claims.
‘No effective defenses from USB attacks are known.
My Advice to You
If you have a USB device like these e-Cigarettes or some desk toy that does not have to plug into a computer, use the more cumbersome option of a USB-110 adaptor and plug it into a wall outlet instead. If you have a data storage device, camera, electronic picture frame, etc. that must plug into your computer to do its job, make sure you have top-notch virus protection and anti-malware software installed.
