E-Cigarettes, the new electronic cigarettes allegedly healthier than normal ones, may be a poor health choice, not in the traditional sense, but have become the latest target for hackers and malicious software according to online reports.
E-Cigarettes is short for electronic cigarette, meaning the device needs to be charged which can be done with a special cable, or by plugging the cigarette directly in via USB port. The USB can then be attached to a wall charging adapter or through the USB port on a computer. If plugged in via USB, this means you may be giving access to an untrustworthy supplier gaining them physical access to your computer.
According to a ‘report’ or story posted on the social site Reddit, one user suggested his company became victim to one of these harmfully malicious electronic cigarettes from an unknown manufacturer. “One particular executive had a malware infection on his computer from which the source could not be determined,” the user wrote. “The executive’s system was patched up to date, had antivirus and up to date anti-malware protection. After all traditional means of infection were covered, IT started looking into other possibilities.”
“The made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system,” the user said. The Redditor then questioned the legitimacy of plugging in made in China USB devices into ones computer.
According to a report made the Guardian, Rik Ferguson, a security consultant at Trend Micro said the story is entirely plausible. Ferguson cites one incident back in 2008 where a photo frame produced by Samsung shipped out with a malware-laced product installation disk. The culprit was said to be the manufacturer’s factory, not Samsung itself.
Only to add, recent proof-of-concept attack called BadUSB was released weeks prior, allowing USB devices to be reprogrammed at a hardware level. The security firm who released the BadUSB code said widely used USB controller chips have no protection over such types of reprogramming.
The two paired could be a deadly combination, even forcing enterprise clients to lock USB ports, only allowing authorized devices to be connected.
E-cigarettes can still remain safe if purchased from trusted manufactures and by checking the goods are authentic.
Nearly all USB-based chargers will come from China, meaning purchasing from a trusted retailer may lower the chances.
Another tip for e-cigarette users would be to only charge the device through a wall outlet or with a wall socket adapter, meaning the device never touches your computer. If the e-cigarette, the charger, or anything is laced with malicious software, it would never have the ability to infect your devices.
The solution for infected users would be to keep an up-to-date anti-virus and stay aware of the growing threat. How many may be infected or how long this has been going on remains unknown. We can only predict more reports or claims will appear in the coming days.