People who charge their electronic cigarettes from a computer's USB port can give hackers a quick way into the PC. An attacker can fit an additional microchip into such a device that makes the computer recognize the cigarette as a keyboard, so the OS carries out whatever commands it types. The only limitation is that the code cannot be very big; otherwise it will not fit into the limited space of an e-cig.
How does this work?
The possibility of hacking computers with an electronic cigarette was reported by cybersecurity researcher Ross Bevington at BSides London 2017. The expert demonstrated the hacking process during his talk. According to the researcher, his tactics are effective against open systems. However, it is also possible to carry out such an attack through a cigarette in a way that works on protected PCs.
According to Bevington, an e-cig vaporizer cannot hold a large amount of code. The well-known WannaCry program, for example, is hundreds of times larger than the built-in memory of a cigarette. However, the researcher says, the accessory can be modified to download a larger file from the Internet, although he did not conduct such an experiment.
More cases of hacking with e-cig
An Internet user known as FourOctets confirmed Bevington's finding. He posted a video on Twitter that demonstrates the mechanism of such an attack. In the video, the user connects a vape to a laptop, after which the computer starts to execute third-party code. Random phrases begin to appear on the screen, and malicious software starts to download into the PC’s memory.
As FourOctets explained, he used the same tactics as Bevington: he forced the computer to recognize the cigarette as a keyboard or mouse. Downloading and executing a malicious file on the PC took a script of fewer than 20 lines.
In 2014, a Reddit user named Jrockilla described a real case of a corporate computer being hacked through an electronic cigarette. Malicious software was found on an associate's machine, and the company's IT department spent a very long time trying to find its source. After running through various options, the IT specialists finally asked the manager whether he used any electronic devices. He replied that two weeks earlier he had switched from conventional cigarettes to electronic ones. The IT staff then took the device apart. It was from an unknown Chinese brand and had been bought on eBay for $5. Testing showed that after being connected to a USB port, the cigarette sends a signal to its “home” system and infects the computer.
How to protect my device?
If you do not want to become a victim of a cyber attack, do not neglect the safety rules. Even if an electronic cigarette does not look like a threat at first sight, charging it from a computer can affect the whole company's systems.
“If you run a business you should invest in some monitoring solution that can alert your security team when something like this attack occurs,” Bevington said.
So, believe it or not, your vaping device may also contain a chip that can compromise your computers.
Neglecting your own security on the Internet leads to mass hacking and infection of devices. Most hackers aim at commercial gain. If the user’s computer holds no valuable information about bank cards or state secrets, it will not be very interesting to a hacker. Still, it is better to be safe.
Necessary steps to protect your computer
1. Do not charge your e-cigarette from a computer
Owners of e-cigs often connect them to the computer rather than to a charger in the outlet. As you have read above, an additional microchip installed in the cigarette can convince the PC that it is a keyboard. Because of this, the OS will execute all the commands that come from the connected device.
The solution: Just use the outlet to charge your device.
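For anyone who wants to check what a USB gadget really announces to the computer, here is an added example (not code from Bevington or FourOctets). It walks a USB configuration descriptor and reports any HID keyboard or mouse interface, which a device that only needs power has no reason to expose. The two sample descriptors are constructed for illustration, and the function names are hypothetical.

```python
import struct

DT_INTERFACE = 0x04                           # USB descriptor type: interface
CLASS_HID = 0x03                              # bInterfaceClass: human interface device
BOOT_PROTOCOLS = {1: "keyboard", 2: "mouse"}  # bInterfaceProtocol values for HID

# Constructed samples (not captured from real hardware).
CHARGE_ONLY = bytes.fromhex("090212000101008032" "0904000000ff000000")
KEYBOARD_IMPLANT = bytes.fromhex(
    "090222000101008032"   # configuration descriptor, wTotalLength = 34
    "090400000103010100"   # interface 0: HID class, boot subclass, keyboard
    "092111010001223f00"   # HID descriptor
    "0705810308000a"       # interrupt IN endpoint
)


def hid_interfaces(config_descriptor: bytes):
    """Return [(interface_number, role)] for every HID interface found.

    role is "keyboard" or "mouse" when the device declares a boot protocol,
    otherwise "other-hid" (its real role is only visible in the report descriptor).
    """
    if len(config_descriptor) < 9:
        raise ValueError("too short for a configuration descriptor")
    total = struct.unpack_from("<H", config_descriptor, 2)[0]  # wTotalLength
    data = config_descriptor[:total]
    found, offset = [], 0
    while offset + 2 <= len(data):
        length, dtype = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == DT_INTERFACE and length >= 9:
            number = data[offset + 2]
            cls, _subclass, proto = data[offset + 5 : offset + 8]
            if cls == CLASS_HID:
                found.append((number, BOOT_PROTOCOLS.get(proto, "other-hid")))
        offset += length
    return found


def violates_charge_only_policy(config_descriptor: bytes) -> bool:
    """A device that should only draw power must not expose any HID interface."""
    return bool(hid_interfaces(config_descriptor))
```

On Linux the raw bytes can be read from /sys/bus/usb/devices/<device>/descriptors, where the configuration descriptors follow the 18-byte device descriptor.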
2. Do not create easy passwords
According to the company Keeper (which produces software for storing passwords), the passwords “123456”, “123456789”, “qwerty”, “12345678” and “111111” were the most common among people who were hacked in 2016. Keeper picked out the 25 most common passwords and stated that more than 50 percent of people use them.
So, to hack someone’s mailbox, Internet banking system or cloud storage, it is enough to try one of the passwords on that list. There are already programs that enumerate digits and find a five-digit password in a few seconds.
The solution: The password must be at least 10 characters long and include letters, numbers and punctuation, in both upper and lower case. It should not be built from set expressions (even transliterated ones). Also, do not use one password for different services, and do not use “secret questions” – the nickname of your first dog, your mother’s maiden name. Remembering several such passwords is difficult, but it is worth it!
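The rules above can be turned into a check that lists what is wrong with a candidate password. This is an added example, not part of the original article: the function names are hypothetical, the common-password set holds only the five entries quoted above, and the keyboard/number run detection is one assumed reading of "set expressions" that goes a little beyond the text.

```python
import string

# The five passwords the article quotes from Keeper's 2016 list.
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111"}
# Keyboard rows, digits and the alphabet: runs taken from these are rejected.
RUN_SOURCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
               string.ascii_lowercase]


def has_run(password: str, n: int = 4) -> bool:
    """True if n consecutive characters repeat or follow a keyboard row,
    the alphabet or the digits, forwards or backwards."""
    low = password.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i : i + n]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in src or chunk[::-1] in src for src in RUN_SOURCES):
            return True
    return False


def policy_violations(password: str, used_elsewhere=()):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in password):
        problems.append("needs punctuation")
    if password.lower() in COMMON or has_run(password):
        problems.append("common password or keyboard/number run")
    if password in used_elsewhere:
        problems.append("already used for another service")
    return problems
```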
3. Double authentication
To protect yourself from hacking, choosing the right password is not enough. That is why most services now use two-factor authentication (2FA). With this method, the system recognizes the user in two ways. Typically, the first is something that the user knows (for example, a password or a PIN code). The second can be a thing that belongs to the user – a smartphone. It receives an SMS notification with a new password, or a push notification on which you need to confirm the login. And the third factor is user biometrics: a fingerprint or face scan.
The solution: It is not safe to use only one method. Even a fingerprint can be “removed” from the screen of the smartphone, or someone can steal the phone and use the code to log in.
4. Avoid extraneous links
If a user sees new mail, he will most likely open it. It may contain a link that takes him to what looks like the start page of a social network or mail service. The user enters his password, and nothing happens. Assuming that he was “thrown out” of the system, he may enter his login and password again. However, the “start page” is just a forgery, and the user’s data falls into the hands of hackers. This is the story that happened to one of the members of the US Democratic Party. After following a third-party link, he filled out the mailbox login form, and the attackers got access to the mail of the members of Hillary Clinton’s party.
The solution: If you find such emails, mark them as spam immediately and do not open them at all.