Electronic cigarettes devices can be modified in a fashion that allows hackers to attack computers when it is plugged into the USB port. Hackers can just add a hardware chip into the area of the battery to turn it into a malicious tool.
The vaping devices can be modified in a fashion that allows hackers to attack computers when it is plugged into the USB port.
By adding a hardware chip with a pre-written script, cyberthieves can meddle with traffic or trick the computer into thinking it is a keyboard to carry out commands.
E-cigs are currently caught in the middle of a health debate, as numerous studies have argued that they are either better or worse than traditional tobacco cigarettes - but experts have yet to come to a conclusion.
However, a recent discovery has made one risk of these devices very clear.
Because a majority of the vaporizers are charged via a USB port, they seem to openly invite hackers to modify them into stealth weapons.
The discovery was made by Ross Bevington, who is a security researcher and 'proper' C++ software developer who specializes in low level computer security and bespoke system development.
Bevington recently gave a demonstration of how 'an electronic cigarette (e-cig) isn't just a glorified smoke machine but an ARM powered covert exploit platform,' he shared in the description of the presentation during BSides London.
He explained that by connected the device to a computer, the hacker is able to interfere with network traffic or trick it into thinking it is a keyboard and will upload the pre-written script, reported Sky News.
However, the security researcher had also noted that the attack requires the victim's computer to be unlocked, but it has been found that this still won't keep these hackers at bay.
A researcher demonstrated the hack by plugging the device into a USB cord into the device and the other end into a computer, and in seconds, the computer uploads the pre-written script made Windows open up the Notepad application.
Another researcher and security engineer, who goes by the name of 'FourOctets', had recently shared a video on his Twitter page, which has revealed just how simple the process is.
FourOctets holds up what appears to be the average e-cig, complete with a large rectangular battery pack.
He plugs the USB cord into the device and the other end into a computer, and in seconds, the computer uploads the pre-written script made Windows open up the Notepad application.
The script only said 'DO YOU EVEN VAPE BRO' and although harmless, it reveals just how dangerous this hack can be.
The script only said 'DO YOU EVEN VAPE BRO' and although harmless, it reveals just how dangerous this hack can be. FourOctets noted that, using less than 20 lines of code, the computer could be made to download an arbitrary and potentially dangerous file and run it.
While e-cigarettes could be used to deliver malicious payloads to machines, there is usually very little space available on them to host this code.
'This puts limitations on how elaborate a real attack could be made,' said Mr Bevington.
Because a majority of the vaporizers are charged via a USB port, they seem to openly invite hackers to modify them into stealth weapons.
[Link]
even smarter folks solder together their own version.using recycled parts.