from the need-to-put-a-filter-on-that-e-cigarette dept.
The Guardian features a story about e-cigarettes carrying some malware, infecting computers used to charge them. Though not entirely surprising when you actually think about it, personally I'd not have expected non-computerized devices which just happen to have micro-usb charger socket to pose a threat to IT security.
From the article:
“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
Later the article references some low-level attacks might be used to reprogram USB chips on devices, letting them act as USB keyboards issuing commands on the behalf of the logged in user, etc.
While the most common methods used for hacking are DDoS attack, ransomware, phishing, virus, Trojan, keylogger, ClickJacking attacks, etc., hackers are now looking to modify e-cigarettes into tools to hack into computers:
To explain this, security researcher Ross Bevington showcased a presentation at BSides London that revealed how an e-cigarette could be used to attack a computer either by interfering with its network traffic or by deceiving the computer to make it believe that it was a keyboard.
[...] Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port on a computer, security researchers warn that your computer could actually be compromised by the simple act of charging a vape pen with just a few simple tweaks to the vaporizer.
[...] While e-cigarettes could be used to provide malicious payloads to machines, there is typically very little space available on them to host this code.
"This puts limitations on how elaborate a real attack could be made," said Mr Bevington.
"The WannaCry malware for instance was 4-5 MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible."