What's the strangest way to hack a computer? I'd say using an e-cigarette is pretty high up there.
Security researcher Ross Bevington gave a presentation at BSides London recently showing how an electronic cigarette can be used to infiltrate a network or hack into a computer.
E-cigs require users to charge the device battery, often by plugging it into a computer's USB port. Connecting it directly to your computer can allow malicious users to infiltrate your network, trick your computer into thinking that the vape pen is a keyboard or mouse, or distribute malware.
"The security of the internet of things is fundamentally broken,” Bevington told Infosecurity Magazine. “Developers and manufacturers understandably are eager to get their new high-tech devices to market, and unfortunately often overlook security. Interoperable open standards are the key requirement if we’re to improve IoT security even in the smallest of connected devices—they will reduce that complexity by effectively outsourcing the trickiest security work to the subject-matter experts."
Twitter user @FourOctets recently posted a video demonstrating this type of attack. Shortly after plugging the device in, a message pops up on the screen with the text, "DO U EVEN VAPE BRO!!!!!!".
The hacker told Sky News he had simply added a chip to the device that allowed scripts to run.
While just 20 lines of code can do some damage, there are size limitations when using a vape pen to launch attacks.
“The WannaCry malware for instance was 4-5 MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the internet would be possible,” said Bevington.
“If you run a business, you should invest in some kind of monitoring solution that can alert your security team when something like this attack occurs,” he added. “In all cases, be wary if someone wants to plug something into your machine.”
