Now e-cigarettes can give you malware | Technology | The Guardian
Better for your lungs, worse for your hard drives, e-cigarettes can potentially infect a computer if plugged in to charge
E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer electronic cigarettes have become the latest vector for malicious software, according to online reports.
Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.
A report on social news site Reddit suggests that at least one vaper has suffered the downside of trusting their cigarette manufacturer. One particular executive had a malware infection on his computer from which the source could not be determined, the user writes. After all traditional means of infection were covered, IT started looking into other possibilities.
The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computers USB port the malware phoned home and infected the system.
Rik Ferguson, a security consultant for Trend Micro, says the story is entirely plausible. Production line malware has been around for a few years, infecting photo frames, MP3 players and more, he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the products install disc.
Even more concerning is a recent proof-of-concept attack called BadUSB, which involves reprogramming USB devices at the hardware level. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming, says Berlin-based firm SRLabs, which released the code.
Combine the two, says Ferguson, and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.
For consumers its a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.
Dave Goss, of Londons Vape Emporium, says that vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin, and by checking for scratch checkers on the box, which mark out authentic goods from counterfeits.
Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China, he adds.
In early November, figures obtained by the Press Association revealed that e-cigarettes and related equipment, such as chargers, were involved in more than 100 fires in less than two years.
Quote:
Better for your lungs, worse for your hard drives, e-cigarettes can potentially infect a computer if plugged in to charge
E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer electronic cigarettes have become the latest vector for malicious software, according to online reports.
Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.
A report on social news site Reddit suggests that at least one vaper has suffered the downside of trusting their cigarette manufacturer. One particular executive had a malware infection on his computer from which the source could not be determined, the user writes. After all traditional means of infection were covered, IT started looking into other possibilities.
The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computers USB port the malware phoned home and infected the system.
Rik Ferguson, a security consultant for Trend Micro, says the story is entirely plausible. Production line malware has been around for a few years, infecting photo frames, MP3 players and more, he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the products install disc.
Even more concerning is a recent proof-of-concept attack called BadUSB, which involves reprogramming USB devices at the hardware level. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming, says Berlin-based firm SRLabs, which released the code.
Combine the two, says Ferguson, and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.
For consumers its a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.
Dave Goss, of Londons Vape Emporium, says that vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin, and by checking for scratch checkers on the box, which mark out authentic goods from counterfeits.
Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China, he adds.
In early November, figures obtained by the Press Association revealed that e-cigarettes and related equipment, such as chargers, were involved in more than 100 fires in less than two years.