IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Hackers are able to target your e-cigarette... Is nothing sacred?
Mon, 29th May 2017
FYI, this story is more than a year old

Vaping isn't much safer than smoking - but not in the way you think.

With a few simple tweaks to a vaporizer, a security researcher has demonstrated that the device made to be an alternate to smoking can be modified in such a way as to pass code to your computer.

It's a story as old as the internet. It begins with the USB port, as do a whole plethora of other security problems. USB ports are used for both charging and the transfer of data, which often means they are the most convenient place to plug in a phone, e-reader, tablet, or any other device that can charge or be topped up with data. In this case, a vaporizer.

In a video demonstrating his work, the security researcher, who goes by FourOctets, plugs an e-cigarette into a computer's USB and the device immediately lights up as if to charge. A few seconds go by and the computer starts to react.

"DO U EVEN VAPE BRO!!!!!," reads a pop up message on the screen. Essentially, the vaporizer issued a custom command to the computer, and the computer obliged happily.

While the researcher has no ill-intent, it is easy to imagine someone more morally bankrupt loading a computer with something less amusing. Think keyloggers, or ransomware.

For the vapers out there worried, it's not a simple case of just accessing someone's e-cigarette. It requires quite a bit of hands on work.

"It started as more of a joke than anything," FourOctets says on Twitter.

"This is done with extra hardware and a little bit of code. Another goal usually when doing dumb stuff like this is that stuff is not always what it seems and that random stuff that can plug into a computer can be dangerous," he explains.

"A lot of folks aren't aware that something like this is even possible whether it be with firmware or added hardware and a tiny bit of code found online."

In short, should you be worried that your vape is compromising your PC?

"It's probably pretty unlikely to ever get something like this from the factory that would do this," FourOctets noted.

“But the possibility is there and people need to be mindful of that."

So there you have it. It's probably not necessary to run to the gas station and pick up your old favourite pack of smokes, and you can probably keep vaping without being hacked. It's important to realise that your devices are always exposed to risks you would never comprehend, and it's not a terrible idea to keep your antivirus up to date on your home computer.