Smoking will not only damage your health but also your computer, as e-cigarettes manufactured in China are reportedly being used to spread malicious software through the USB connection used to charge the device.
A recent post to social news site Reddit detailed how the computer of an executive at a “large corporation” had been infected with malware from an undetermined source. Further investigation apparently revealed that it had stemmed from a $5 e-cigarette bought from the online auction site eBay.
“The executive’s system was patched up to date, had antivirus and anti-malware protection,” Reddit user Jrockilla said. “Web logs were scoured and all attempts made to identify the source of the infection but to no avail. Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: ‘Have there been any changes in your life recently?’ The executive answered: ‘Well yes, I quit smoking two weeks ago and switched to e-cigarettes.’ And that was the answer they were looking for.”
The e-cigarette was found to have malware hard-coded into the charger, which “phoned home” and infected the system when plugged into the computer’s USB port.
Pierluigi Paganini, chief information security officer at ID management firm Bit4Id, said that electronic cigarettes were just the latest vector to serve the spread of malicious software.
“Hackers are able to exploit any electronic device” to serve malware to a poorly protected network, Paganini said in a blog post.
“Despite the [fact the] idea could appear hilarious, many electronic cigarettes can be charged over USB using a special cable or by inserting one end of the cigarette directly into a USB port.”
Paganini cites other examples of “apparently harmless” USB devices being used as a hacking tool in the past, including a charger for Apple iOS devices like iPhones and iPads.