PC viruses hidden in cheap usb devices is not a new thing, but now ecigarette chargers may have been targeted by Malware and Spyware developers.
For years hackers have been installing viruses on such things as counterfeit phones, mp3 players, pc equipment and digital photo frames but now there is evidence that an ecig may have caused a security breach.
A report on Reddit says that a malware infection was traced to an ecig after all other avenues had been explored.
The reddit article suggests one vaper has been infected, trusting their cheap ecigarette. “One particular executive had a malware infection on his computer from which the source could not be determined. The made in China e-cigarette had malware hard-coded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
Rik Ferguson, from Trend Micro Security, says the infected ecig charger story is entirely plausible and not a new tactic used by hackers. “Production line malware has been around for a few years, infecting photo frames, MP3 players and more.” he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product’s install disc.
Even more alarming is a recent invention named “BadUSB”, which has the ability to recode USB devices firmware. “Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming,” states SRLabs, which created the mentioned code.
Combine the two, says Ferguson, “and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices. For consumers it’s a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.”
A report on social news site Reddit suggests that at least one “vaper” has suffered the downside of trusting their cigarette manufacturer. “One particular executive had a malware infection on his computer from which the source could not be determined,” the user writes. “After all traditional means of infection were covered, IT started looking into other possibilities.
“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
Rik Ferguson, a security consultant for Trend Micro, says the story is entirely plausible. “Production line malware has been around for a few years, infecting photo frames, MP3 players and more,” he says. In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product’s install disc.
Even more concerning is a recent proof-of-concept attack called “BadUSB”, which involves reprogramming USB devices at the hardware level. “Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming,” says Berlin-based firm SRLabs, which released the code.
Combine the two, says Ferguson, “and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.
“For consumers it’s a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.”
“Any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China,” he adds.
Vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin and buying from trusted shops and sellers.
Source: Vaping Article