SoylentNews is people

posted by Fnord666 on Sunday June 18 2017, @11:43AM
from the another-USB-exploit dept.

While the most common methods used for hacking are DDoS attack, ransomware, phishing, virus, Trojan, keylogger, ClickJacking attacks, etc., hackers are now looking to modify e-cigarettes into tools to hack into computers:

To explain this, security researcher Ross Bevington showcased a presentation at BSides London that revealed how an e-cigarette could be used to attack a computer either by interfering with its network traffic or by deceiving the computer to make it believe that it was a keyboard.

[...] Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port on a computer. Security researchers warn that your computer could actually be compromised by the simple act of charging a vape pen with just a few simple tweaks to the vaporizer.

[...] While e-cigarettes could be used to provide malicious payloads to machines, there is typically very little space available on them to host this code.

"This puts limitations on how elaborate a real attack could be made," said Mr Bevington.

"The WannaCry malware for instance was 4-5 MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible."

Previously: E-Cigarettes are Bad for the Health — Of Your Computer
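
As an added example (not part of the article or of the researcher's presentation): a device that poses as a keyboard has to enumerate with a USB HID interface, and one that poses as a network adapter typically enumerates with a communications-class interface, both of which a Linux host exposes in sysfs. The script below inventories such interfaces; the `scan` function and the allowlist of vendor/product IDs are hypothetical local policy, not an existing tool.

```python
# Flag USB devices exposing keyboard-like or network-like interfaces (Linux sysfs).
import os
import re

# USB-IF base class codes relevant to the two vectors described in the article.
RISKY_CLASSES = {
    "03": "HID (can inject keystrokes)",
    "02": "CDC communications (can present a network adapter)",
    "0a": "CDC data (can present a network adapter)",
    "e0": "wireless controller (includes RNDIS network adapters)",
}
# Interface nodes look like "1-2:1.0" or "1-1.4:1.1"; device nodes lack the colon.
IFACE_DIR = re.compile(r"^(?P<dev>\d+-[\d.]+):\d+\.\d+$")


def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""  # attribute missing: device was unplugged mid-scan


def scan(sysfs_root="/sys/bus/usb/devices", allowlist=frozenset()):
    """Return {device: {"id": (vid, pid), "risks": [...]}} for flagged devices.

    allowlist is an assumed, locally maintained set of (idVendor, idProduct).
    """
    findings = {}
    for entry in sorted(os.listdir(sysfs_root)):
        m = IFACE_DIR.match(entry)
        if not m:
            continue  # device or root-hub node, not an interface
        cls = _read(os.path.join(sysfs_root, entry, "bInterfaceClass"))
        if cls not in RISKY_CLASSES:
            continue  # e.g. 08 mass storage, 09 hub
        dev = m.group("dev")
        ident = (_read(os.path.join(sysfs_root, dev, "idVendor")),
                 _read(os.path.join(sysfs_root, dev, "idProduct")))
        if ident in allowlist:
            continue  # known keyboard, mouse or dock
        rec = findings.setdefault(dev, {"id": ident, "risks": []})
        if RISKY_CLASSES[cls] not in rec["risks"]:
            rec["risks"].append(RISKY_CLASSES[cls])
    return findings


if __name__ == "__main__":
    for dev, rec in scan().items():
        print(dev, "%s:%s" % rec["id"], "; ".join(rec["risks"]))
```

A modified device can report any vendor/product ID it likes, so the allowlist narrows an inventory for review rather than proving a device is benign; a device that only draws power does not appear in sysfs at all.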


  • (Score: 0) by Anonymous Coward on Sunday June 18 2017, @03:21PM (#527484)
    I think it's slightly psychologically easier to convince someone to let you charge your phone from their PC than to stick your vape stuff to it. Unless it's one of those exploding Samsungs...

    More people would be sympathetic to your phone addiction than your vape addiction. Plus if you're a non-smoker you might not want to fake a vape addiction.

    FWIW I've used my phone to store patches to bypass USB storage restrictions - had to patch some software but the company security policy blocked USB drives on USB ports, optical drives and blocked zip files.

    A nation state is likely able to modify the phone itself to hack stuff, but in many cases you could probably cheat and mod a phone case instead of the phone ;).

    As such I don't really see the advantages of using e-cigs in most cases. Phones offer so much more flexibility, power and connectivity (mobile data); far more options.

    Maybe a place that forces you to leave your phone at the door would allow you to bring in your vape charger (but after this they might not ;) )... But if they don't you may have to use those tiny USB stuff and hope nobody notices.
  • (Score: 2) by Arik (4543) on Sunday June 18 2017, @08:57PM (#527585)
    Really doesn't matter whether it's a phone or a flash drive or an e-cig. All these attacks are the same.

    They should be defeated at the software level, but of course for anyone who has to deal with Windows... yeah. It's going to continue doing the most bone-headedly stupid thing it can possibly do (even if you dig into settings and explicitly override, there's a good chance you'll be ignored.)

    But there IS a simple and robust solution to the problem that will work even if you are stuck using a defective OS.

    http://www.instructables.com/id/USB-Condom/

    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 0) by Anonymous Coward on Monday June 19 2017, @06:40AM (#527775)

      Tell that to this bunch:

      While e-cigarettes could be used to provide malicious payloads to machines, there is typically very little space available on them to host this code.

      "This puts limitations on how elaborate a real attack could be made," said Mr Bevington.