Sunday, 18 June 2017

On 23:45 by admin   No comments
The use of the increasingly popular smoking alternative e-cigarettes may be 95 percent safer than smoking a traditional cigarette, but they may not be so safe for your computers, according to two new demonstrated proof-of-concepts.
The first comes from security researcher Ross Bevington, who demonstrated at a recent convention how an e-cigarette could be easily used to attack a computer by either interfering with its network traffic or fooling the machine into thinking the vape is a keyboard or mouse. The demonstration required a victim’s machine to be unlocked, but Bevington told Sky News that was not the case for all attacks. He noted that PoisonTap, a form of malware that is freely available, could be used in an e-cigarette and would work with locked personal computers.
The second e-cig hacking possibility comes from a security engineer and malware researcher by the name of FourOctets, who recently posted a 22-second proof-of-concept video. It showed a modified vape pen hijacking and running code on a Windows laptop it had been plugged into. FourOctets’ method was more complicated. as he told Sky that he had modified the vape pen by adding a hardware chip which allowed the device to communicate with the laptop.
For those not familiar with e-cigarettes, they are charged via a standard USB cable, meaning that they can be plugged into a power socket or a USB slot on any computer. Although e-cigarettes don’t always come with complicated electronics, some do include built-in chips and basic storage, meaning that, like a USB stick, they can be used as an attack vector.
The good news is that both FourOctets and Bevington only showed proof-of-concepts. That means there are no examples of e-cigarettes being used to hack computers yet in the wild. But now that it’s possible, it’s only a matter of time until malicious hackers start using them to give smokers an electronic form of cancer.


Post a comment