Story image

Hackers are able to target your e-cigarette... Is nothing sacred?

29 May 2017

Vaping isn’t much safer than smoking - but not in the way you think.

With a few simple tweaks to a vaporizer, a security researcher has demonstrated that the device made to be an alternate to smoking can be modified in such a way as to pass code to your computer.

It’s a story as old as the internet. It begins with the USB port, as do a whole plethora of other security problems. USB ports are used for both charging and the transfer of data, which often means they are the most convenient place to plug in a phone, e-reader, tablet, or any other device that can charge or be topped up with data. In this case, a vaporizer.

In a video demonstrating his work, the security researcher, who goes by FourOctets, plugs an e-cigarette into a computer's USB and the device immediately lights up as if to charge. A few seconds go by and the computer starts to react.

"DO U EVEN VAPE BRO!!!!!," reads a pop up message on the screen. Essentially, the vaporizer issued a custom command to the computer, and the computer obliged happily.

While the researcher has no ill-intent, it is easy to imagine someone more morally bankrupt loading a computer with something less amusing. Think keyloggers, or ransomware.

For the vapers out there worried, it’s not a simple case of just accessing someone’s e-cigarette. It requires quite a bit of hands on work.

"It started as more of a joke than anything," FourOctets says on Twitter.

"This is done with extra hardware and a little bit of code. Another goal usually when doing dumb stuff like this is that stuff is not always what it seems and that random stuff that can plug into a computer can be dangerous," he explains.

"A lot of folks aren't aware that something like this is even possible whether it be with firmware or added hardware and a tiny bit of code found online."

In short, should you be worried that your vape is compromising your PC?

"It's probably pretty unlikely to ever get something like this from the factory that would do this," FourOctets noted.

“But the possibility is there and people need to be mindful of that."

So there you have it. It’s probably not necessary to run to the gas station and pick up your old favourite pack of smokes, and you can probably keep vaping without being hacked. It’s important to realise that your devices are always exposed to risks you would never comprehend, and it’s not a terrible idea to keep your antivirus up to date on your home computer.

Gartner: Smartphone biometrics coming to the workplace
Gartner predicts increased adoption of mobile-centric biometric authentication and SaaS-delivered IAM.
Samsung & Trade Me offer AI-powered shopping
The smartphone camera & AI-powered tech, Trade Me says, is a ‘glimpse into the future of shopping’.
Neill Blomkamp's 'Conviction' is a prequel to BioWare's Anthem
You may remember Neill Blomkamp’s name from such films as District 9, Chappie, and Elysium. If you’ve seen any of those films, the short teaser trailer will seem somewhat familiar to you.
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
617 million stolen records up for sale on dark web
It may not be the first time the databases have been offered for sale.
IBM’s Project Debater unable to out-debate human
At this incredible display of technology, the result was remarkably close but the human managed to pip the machine in this instance.
LPL to broadcast weekly programming on Sky Sports
Let’s Play Live (LPL) has now announced it will broadcast weekly programming for the rest of 2019 on the Sky Sports channel from Sky TV. 
When hackers get the munchies, they just steal McDonalds
What happens when hackers get the munchies? Apparently in Canada, they decide to put their ‘hamburglar’ gloves on and go after unwitting people who happen to use the McDonalds app.