A vape pen can compromise your computer even if it only appears to be charging, security researchers warn.
Security researchers have demonstrated that e-cigarettes can easily be turned into computer hacking tools.
With just a little modification, attackers can use vape pens to attack any computer connected to them.
In a presentation at BSides London, Ross Bevington showed how e-cigarettes can attack computers by tricking them into thinking they are keyboards or interfering with network traffic.
The type of attack Mr Bevington describes requires the victim's computer to be unlocked, but of course that's not always the case.
“PoisonTap is a similar attack that can affect devices with security keys,” Mr Bevington told Sky News.
A hacker and researcher named Fouroctets has released a video demonstrating strange commands being sent to his unlocked laptop right after he plugged in his vape to charge.
Speaking to Sky News, Fouroctets said he modified the vape pen by adding a hardware chip that allows the device to connect to a laptop and function as a keyboard or mouse.
A command saved in the vape pen will cause Windows to automatically open the Notepad application and type: “No vape bro!!!”
However, this simple command can also be turned into a more dangerous command.
Fouroctets showed Sky News that with less than 20 lines of code, a computer can be forced to download a malicious code or file and run it.
While e-cigarettes can be used to inject harmful programs into computers, their capacity is not large enough to contain this type of code.
“This would put a limit on the organization's ability to mount a real attack,” Mr. Bevington said.
“For example, the WannaCry virus is 4-5MB in size, which is much smaller than the available space in an e-cigarette. So, using something like an e-cigarette to download a large program from the internet is completely possible.”
The best way to avoid these types of attacks is to make sure your device has the latest security updates, Bevington said, and to set a strong password to lock your device when not in use.
“If you are a business, you should invest in a management system that can alert your security team immediately when a device is compromised,” he says.
“In short, always be on guard if someone tries to plug any external device into your computer.”
Source: Alexander J Martin, Technology Reporter - Sky News
Translator: The Vape Club.
