Scientists and e-cigarette aficionados have long agreed that it’s safer to vape than smoke a traditional cigarette. But that’s not exactly true when it comes to technology. Electronic smoking devices can damage computers.
Hackers keep track of the latest trends in the tech world. While millions of people use vape products as an alternative to smoking, they found out an innovative use of these devices. Now, these are new tools to for hacking.
What is an electronic cigarette?
Battery-powered smoking device that looks and feels like a regular cigarette is called vapor electronic cigarette. It’s used for the delivery of inhaled doses of nicotine. Vaping provides a sensation similar to the inhalation of tobacco but without combustion. A heating element transforms the liquid into a vapor.
There’re also different flavored e-juices on the market. Users can enjoy e vapor that tastes and smells like some fruit, food, drink, or other appealing substance.
How can you be hacked?
Many vapers can charge their e-cigarettes over USB. They either use a special cable or insert one end of the cigarette right into a USB port. It only takes a few tweaks to the device to become a weapon that can download malevolent payloads from the Net.
Security researcher, Ross Bevington gave a presentation on hacking OS with e-cigs at the BSides London 2017.
The researcher explained that an intruder could use an e-cigarette to break a computer by fooling it to believe that the device is a keyboard or by interfering with its network traffic. This particular form of attack is effective only for unlocked systems.
Another computer geek under the nickname FourOctets posted a video on Twitter which shows the mechanism of this attack.
The video features the user connecting his e-cig to the PC. Then the laptop lights up as it usually does and the vaping device starts charging. Within a few seconds, a message appears on the screen: ‘DO U EVEN VAPE BRO!!!!’.
Fouroctets said that he had modified the electronic smoking device by embedding a hardware chip. It forced the PC to treat the cigarette as if it was a keyboard or a mouse. Consequently, a malicious file appears on the PC.
A Reddit user Jrockilla shared a true story of attacking a corporate computer via a vaping gadget in 2014. Malicious software was found in one of the machines. The company’s IT department couldn’t detect its source. When they asked the manager if he connects any electronic device to the machine, he answered that he charged his electronic cigar. The device was made by an unknown Chinese brand and cost $5 on eBay. Testing discovered that after the connection with a USB port, the cigarette sent a signal to its native system and infected the computer.
Ross Bevington’s Advice on How to Protect Your OS
At first glance, your e cig vaporizer may look harmless. But what if it really has an inbuilt chip that can break your computer?
Don’t neglect your own security. Mr. Bevington warns that using a computer to charge your electronic smoking device may negatively affect the whole company system. He shares a few safety tips:
- Update your OS and other software frequently.
- Business owners should take care of a monitoring solution that can alert their security teams in case of possible attacks.
- Be wary when someone asks you to use your machine and plug some device into it.
Safety Tips on How to Protect Your Computer
Most hackers seek for commercial benefits. If your computer doesn’t have any information about your bank card or state secrets, a hacker won’t find it interesting. However, it’s better to be safe than sorry. Consider the next tips:
- Don’t charge an e-cig with your computer
Vapers often connect their e-cigarettes to the computer instead of using the charger in the outlet. You already know what can happen when an additional microcircuit is installed in the device. To charge your vape device, always use the outlet.
- Create a strong password
The lists of the most common passwords of different years look pretty the same. It seems like users don’t want to rack their brains to protect their computers. The leading positions are usually occupied by “123456”, “123456789”, “qwerty”, and “111111”. IT experts call such options truly terrible. These are the passwords that hackers will always guess first to crack your software.
The password must be at least 8 characters in length. It must contain letters, numbers, and punctuation. It’s inadvisable to use a dictionary word or any personal information like the birthdate or nickname of your pet. It can be difficult to remember such password, but it’s worth it!
- Take advantage of double authentication
That’s what advanced users do. They use is an extra layer of security known as two-factor authentication (2FA).
This process requires a user to verify their identity in two ways. Traditionally, you’re asked to provide your username and a password. Then, you’ll have to provide information that could come from one of the three categories:
- Something you know: a password, a personal identification number (PIN), or an answer to “secret question”.
- Something you have: SMS-notification via a smartphone, or a small hardware token.
- Something you are: biometric pattern of a fingerprint or a face scan.
- Don’t click on strange links.
This tip seems to be well-known. However, some people still open e-mails from unknown addresses and follow the link. That’s how hackers gained access to a computer network used by Democratic presidential nominee Hillary Clinton’s campaign. The US Democratic Party’s member had the misfortune to follow a link and fill out the forms of the mailbox. If you get such emails, mark them as spam and don’t even read them.
Buy vaporizers of reputable brands, take basic safety measures, and you’ll reduce the risk of being hacked to the minimum!