from the another-USB-exploit dept.
While the most common methods used for hacking are DDoS attacks, ransomware, phishing, viruses, Trojans, keyloggers, ClickJacking attacks, etc., hackers are now looking to modify e-cigarettes into tools to hack into computers:
To explain this, security researcher Ross Bevington showcased a presentation at BSides London that revealed how an e-cigarette could be used to attack a computer either by interfering with its network traffic or by deceiving the computer to make it believe that it was a keyboard.
[...] Many e-cigarettes can be charged over USB, either with a special cable or by plugging the cigarette itself directly into a USB port on a computer. Security researchers warn that your computer could actually be compromised by the simple act of charging a vape pen, with just a few simple tweaks to the vaporizer.
[...] While e-cigarettes could be used to provide malicious payloads to machines, there is typically very little space available on them to host this code.
"This puts limitations on how elaborate a real attack could be made," said Mr Bevington.
"The WannaCry malware for instance was 4-5 MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible."
The Guardian features a story about e-cigarettes carrying some malware, infecting computers used to charge them. Though not entirely surprising when you actually think about it, personally I'd not have expected non-computerized devices which just happen to have a micro-USB charger socket to pose a threat to IT security.
From the article:
“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
Later the article mentions that some low-level attacks might be used to reprogram USB chips on devices, letting them act as USB keyboards issuing commands on behalf of the logged-in user, etc.
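A defender-side check for the two behaviours described above (a "charger" presenting itself as a keyboard, or as a communications/network device), added here as an example that is not from either article or from the researcher's talk. It reads the interface class codes Linux exposes in sysfs and reports any device outside an allowlist; the sample records, their IDs and the allowlist are constructed placeholders, and keyboards that do not declare the HID boot protocol are not caught by this simple match.

```python
from pathlib import Path

HID, CDC = 0x03, 0x02   # USB-IF interface class codes
KEYBOARD = 0x01         # HID boot-interface protocol 1 = keyboard
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

SAMPLE = [  # constructed records; vendor/product IDs are made-up placeholders
    {"vid": "aaaa", "pid": "0001", "product": "Desk keyboard", "interfaces": [(3, 1, 1)]},
    {"vid": "bbbb", "pid": "0002", "product": "Vape charger", "interfaces": [(3, 1, 1), (2, 2, 0)]},
    {"vid": "cccc", "pid": "0003", "product": "Flash drive", "interfaces": [(8, 6, 0x50)]},
]

def risky_roles(interfaces):
    """Map (class, subclass, protocol) triples to the roles the story describes."""
    roles = set()
    for cls, _sub, proto in interfaces:
        if cls == HID and proto == KEYBOARD:
            roles.add("keyboard")
        elif cls == CDC:
            roles.add("network/serial")
    return roles

def audit(devices, allowlist):
    """Return (vid:pid, product, roles) for non-allowlisted devices with risky roles."""
    findings = []
    for dev in devices:
        ident = f"{dev['vid']}:{dev['pid']}"
        roles = risky_roles(dev["interfaces"])
        if roles and ident not in allowlist:
            findings.append((ident, dev["product"], sorted(roles)))
    return findings

def read_sysfs(root="/sys/bus/usb/devices"):
    """Collect the same fields from Linux sysfs; returns [] where it does not exist."""
    def attr(node, name):
        f = node / name
        return f.read_text().strip() if f.is_file() else ""
    devices = []
    for node in Path(root).glob("*"):
        if ":" in node.name or not attr(node, "idVendor"):
            continue  # interface nodes (e.g. 1-1:1.0) are read via their parent device
        ifaces = [tuple(int(attr(i, n) or "0", 16) for n in FIELDS)
                  for i in Path(root).glob(node.name + ":*")]
        devices.append({"vid": attr(node, "idVendor"), "pid": attr(node, "idProduct"),
                        "product": attr(node, "product"), "interfaces": ifaces})
    return devices

if __name__ == "__main__":
    for finding in audit(read_sysfs() or SAMPLE, {"aaaa:0001"}):
        print(finding)
```

A device that only draws power has no reason to expose either interface class, so any hit on something plugged in "just to charge" is worth investigating.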