Can E-cigarettes be Used to Hack Computers?
Scientists and fans of electronic cigarettes have long agreed that it is safer to vape than to smoke a conventional cigarette. But not in all spheres of activity it is harmless, for most technological processes and machines the device can cause damage.
Innovations in technology shock modern people. If earlier there were only movies about cyber attacks and science fiction novels, now it is the part of the everyday reality.
Lately, hackers become more and more creative and invent new ways and methods how to break cybersecurity. Though still, the most spread and popular methods used for hacking are ransomware, Trojan, phishing, virus, keylogger, DDoS attack, ClickJacking attacks, etc., modern hackers decided to go even far and use a regular e-cigarette as a tool for hacking computer systems.
What is electronic cigarette?
For those who do not know an electronic cigarette is an electronic device that looks like a conventional cigarette and allows you to simulate the process of smoking. Packaging from electronic cigarettes includes a replaceable cartridge and a charger. In the shell of the cigarette, there is a battery and a tiny steam generator. The whole mechanism is activated as soon as you inhale.
In the process of smoking, steam is generated, which contains a dose of nicotine. The strength and taste of a cigarette depend on electronic “filters”, which contain nicotine and flavoring substances. Filters are unscrewed from the main body and easily replaced. One filter is equivalent to 15-50 cigarettes.
A modern electronic device is not only a way to save one’s health, but it can also be used to hack a computer. An electronic cigarette is connected to the laptop via a standard USB port and can infect it with a virus.
E cig vaporizer can be used to hack a computer, with a minimum of effort
This was reported by the researcher of cybersecurity Ross Bevington (Ross Bevington). At the BSides London 2017 conference, he demonstrated the process of hacking. According to him, such tactics are effective for open systems. However, it is possible to develop such an attack scenario through a cigarette, which will work on blocked PCs.
Since electronic cigarettes are charged via a USB port, owners often connect them to a computer, and not directly to a power socket. Installing an additional microcircuit in the cigarette, you can convince the PC that it is a keyboard. Accordingly, the OS will start executing all the commands coming from the connected device. Another option is possible: the cigarette begins to interact with network traffic, which also leads to hacking.
Are there any disadvantages?
According to Bevington, an e vapor cannot contain too large code, which imposes restrictions on the choice of malicious software. For example, the known program-extortionist WannaCry is much bigger than the cigarette limit. However, theoretically, a cigarette can be modified in such a way as to load a larger file from the Internet.
“PoisonTap is a very similar style of attack that will even work on locked machines,” Mr. Bevington told Sky News.
Has it already been used in practice?
The Bevington’s invention was confirmed by an Internet user named FourOctets, who posted a Twitter video in the social network that demonstrates the mechanism of such an attack. On the video, the user connects an electronic cigarette to the laptop, after which the computer begins to perform extraneous codes. For example, malicious software is loaded into the laptop’s memory.
As explained by FourOctets, he used the same tactics as Bevington: he made the computer recognize the cigarette as a keyboard or mouse. To download and execute a malicious file on the PC, he wrote a script consisting of less than 20 lines. Speaking to Sky News, Fouroctets said he had pulled the vape pen by merely appending a hardware chip, which allowed the device to make an impact to the laptop as if it were a keyboard or mouse. Also, a pre-written script that was saved on the vape made Windows open up the Notepad application to display the message.
In 2014, a Reddit user named Jrockilla described a real case of hacking a corporate computer using a e cig vaporizer. The incident occurred in a “big company”, the name of which is not specified. On the computer of one of the managers, malware was detected. The company’s IT department for a long time could not figure out where it came from: the computer had modern, up-to-date protection.
Looking at the various options, IT professionals finally asked the manager, whether there have been some changes in his life recently. He replied that two weeks ago he switched from conventional cigarettes to electronic cigarettes. IT staff asked him to show. It was the device of the Chinese brand, bought for $ 5 on eBay. Testing showed that after connecting to a USB port, the cigarette sends a signal to its “home” system and infects the computer.
How to protect my device?
The best possible way to handle these kinds of attacks is to make sure that your machine has updated its security patches, said Mr. Bevington, and he also advises to have a good password and lock your computer when you leave it.
In order not to become a victim of cyber attacks on your computer, do not neglect the safety rules. Even if it seems that the electronic cigarette is not a threat, it may well be one of those on which improve their skills. Therefore, it’s best to charge the e cig from a standard network device.
“If you run a business you should invest in some monitoring solution that can alert your security team when something like this attack occurs,” Bevington said.
So, believe or not, but maybe your vaping device also contains a chip which can break your computer’s