E-Cigarettes Can Hurt Your Computer

E-Cigarettes

Yet more evidence that smoking is bad for you: A brand of e-cigarettes manufactured in China, has been found to carry malicious software that can be implanted into a computer when plugged into a USB port for recharging.

E-cigarettes are in actual fact, electronic vaporizers that heat a liquid solution into an aerosol mist that offers the sensation, nicotine and flavorings of tobacco cigarettes, supposedly without its harmful effects, although being a new technology, its risks as a nicotine replacement product are as yet largely uncertain. The heating element can be charged through a computer’s USB port, and this is where the malware was released.

The story, detailed on Reddit, points out that an executive at a “large corporation” found his computer had been infected with malware from an undetermined source. An extensive IT scouring showed his computer’s antivirus and anti-malware protection was fully up-to-date, and it was only after he was questioned about recent changes to his lifestyle that mention of the e-cigarettes was made. They had been purchased on eBay for $5.

A report from The Hacker News quotes Trend Micro security consultant Rik Ferguson as saying, “Production line malware has been around for a few years, infecting photo frames, MP3 players and more.” The report goes on to highlight how in 2008, a photo frame produced by Samsung shipped with malware on the product’s install disc.

Although these incidences are reasonably rare, they highlight a permanent reality that hackers are constantly searching for ways to exploit any electronic device to serve Malware to a poorly protected network, and USB ports become one of those overlooked areas – a simple charging or connection port that for most users has a limited, yet convenient function.

The Hacker News article describes the malware app BadUSB that was recently able to “spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers.” Rik Ferguson is quoted as suggesting “a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.

By Steve Prentice

Gary Bernstein
Managing Your Internal IT Your company's internal IT team is responsible for keeping things running smoothly, and they deserve all the support you can give them. Here are ten ways to make their lives easier ...
Using Data Scraping to Learn What You Need to Know
Data Scraping Opportunities How can you know what you don’t know? It sounds like a rhetorical question, but it is in fact a vital component of business strategy. As much as any company or organization ...
Derrek Schutman
Implementing Digital Capabilities Successfully Building robust digital capabilities can deliver huge benefits to Digital Service Providers (DSPs). A recent TMForum survey shows that building digital capabilities (including digitization of customer experience and operations), is the ...
David Dymko
Working with virtual machines and or Kubernetes A conversation with David Dymko, Director of Engineering for Cloud Native Development at Vultr.com If you work with virtual machines and or Kubernetes, and if you have some ...
Gary Taylor
Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.