Story image

Hackers are able to target your e-cigarette... Is nothing sacred?

29 May 17

Vaping isn’t much safer than smoking - but not in the way you think.

With a few simple tweaks to a vaporizer, a security researcher has demonstrated that the device made to be an alternate to smoking can be modified in such a way as to pass code to your computer.

It’s a story as old as the internet. It begins with the USB port, as do a whole plethora of other security problems. USB ports are used for both charging and the transfer of data, which often means they are the most convenient place to plug in a phone, e-reader, tablet, or any other device that can charge or be topped up with data. In this case, a vaporizer.

In a video demonstrating his work, the security researcher, who goes by FourOctets, plugs an e-cigarette into a computer's USB and the device immediately lights up as if to charge. A few seconds go by and the computer starts to react.

"DO U EVEN VAPE BRO!!!!!," reads a pop up message on the screen. Essentially, the vaporizer issued a custom command to the computer, and the computer obliged happily.

While the researcher has no ill-intent, it is easy to imagine someone more morally bankrupt loading a computer with something less amusing. Think keyloggers, or ransomware.

For the vapers out there worried, it’s not a simple case of just accessing someone’s e-cigarette. It requires quite a bit of hands on work.

"It started as more of a joke than anything," FourOctets says on Twitter.

"This is done with extra hardware and a little bit of code. Another goal usually when doing dumb stuff like this is that stuff is not always what it seems and that random stuff that can plug into a computer can be dangerous," he explains.

"A lot of folks aren't aware that something like this is even possible whether it be with firmware or added hardware and a tiny bit of code found online."

In short, should you be worried that your vape is compromising your PC?

"It's probably pretty unlikely to ever get something like this from the factory that would do this," FourOctets noted.

“But the possibility is there and people need to be mindful of that."

So there you have it. It’s probably not necessary to run to the gas station and pick up your old favourite pack of smokes, and you can probably keep vaping without being hacked. It’s important to realise that your devices are always exposed to risks you would never comprehend, and it’s not a terrible idea to keep your antivirus up to date on your home computer.

Australian businesses get serious about SD-WAN
"SD-WAN is doing to enterprise networks what virtualisation did to enterprise data centres almost a decade ago, but it's happening much faster."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.