Pinterest Stumbleupon Whatsapp
Ads by Google

It’s been a rough few months for the embattled e-cigarette industry. Although intended to be a safer alternative to tobacco, the devices have been under attack by regulators in the US and Europe who have expressed health concerns about the nicotine-enriched liquid used. And now, there’s a new worry surrounding them that nobody expected.

Your e-cigarette might be harmful to your computer’s health.

Most electronic cigarettes contain a rechargeable lithium-ion battery which is replenished via a USB connection. That could be from a wall-socket, or, critically, from a computer.

ecigarette-smoke

There have, however, been reports of some people having their computers infected with malware as a result of connecting their e-cigarettes. According to a post on social news website Reddit, an unnamed large corporation suffered a data breach due to one executive’s penchant for e-smokes.

“One particular executive had a malware infection on his computer from which the source could not be determined”, the user, Jrockilla, wrote. After a long investigation our pseudonymous IT employee started looking into other possibilities.

Ads by Google

“The e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.”

It’s impossible to tell whether this story is true or not but it does raise an interesting question: can that $5 gadget you bought off eBay damage your computer? And if so, how can you protect yourself?

Malware, Pre-Installed?

Despite what you might expect, it’s not unheard of for electronic devices to leave the factory with malicious software installed.

What is even more surprising is that it’s not limited to fly-by-night electronics manufacturers producing cheap knock-offs How to spot an iPhony! Are GooPhones as Good as iPhones? How to spot an iPhony! Are GooPhones as Good as iPhones? Do you own an iPhone 5? Or do you wish you could own Apple’s latest but can't afford the ridiculous cost? It may surprise you to hear that the iPhone 5 has a cheap knock-off... Read More . There’s a startling number of household names who’ve found themselves in the awkward position of having accidentally shipped malware with their products. Just ask Apple.

In October, 2006, they were left red-faced after it transpired some Video iPods had been sold with ‘RavMonE.exe‘ present on their internal storage. This is a variant of the RJump family of malware which, when executed on a Windows-based computer, opens a back-door that would allow an attacker to gain remote access to the infected machine.

ecigarette-ipod

It’s hard to tell how the infection occurred, but experts believe it happened, ironically, during the process of quality assurance testing. In an interview given at the time, then Sophos employee Graham Cluey said “It’s most likely that some of the Video iPods were plugged into a Windows PC for testing purposes at Apple’s Chinese-based contractor’s manufacturing plant”.

Two years later in 2008, Samsung found themselves in a similar position when one of their digital picture frames shipped with a keylogger infected driver install disk. Much like the Video iPod, it is believed the malware crept in during the manufacturing process.

And earlier this year, we learned about BadUSB Your USB Devices Aren't Safe Anymore, Thanks To BadUSB Your USB Devices Aren't Safe Anymore, Thanks To BadUSB Read More — a seemingly unstoppable security flaw found in nearly all USB devices. This vulnerability is incredibly difficult to defend against, and could see malware being distributed via the firmware of USB devices.

It’s important to remember that most malware infections happen as a result of user activity, be that clicking on a malicious advert, or downloading something they probably shouldn’t. Yet, time and again we’ve seen that it’s possible for infections to happen as a result of manufacturer negligence.

How Can I Protect Myself?

Protecting yourself against rogue USB devices is easier than it sounds.

Firstly, where possible, you should try to avoid plugging untrusted devices into your computer. This is already common knowledge when it comes to flash drives Why USB Sticks Are Dangerous & How To Protect Yourself Why USB Sticks Are Dangerous & How To Protect Yourself USB drives are so pervasive in today’s world of technology, but when they first debuted, they revolutionized data exchange. The first USB flash drives had an 8MB capacity, which isn't much by today’s standards, but... Read More , especially in corporate environments where there are serious concerns when it comes to data exfiltration. Unfortunately, the same awareness doesn’t quite exist when it comes to other USB-powered gadgets.

ecigarettes-usb

The only sure-fire way to protect yourself is to avoid plugging stuff into your computer unless you can absolutely vouch for it. Ideally you should use a wall charger. However, if this isn’t an option, you can always use a charge-only USB adaptor.

These work just like standard USB cables, but with one key difference: the data cables have been snipped, meaning it only allows power to pass through. You can get your hands on one of these cables on Amazon. They’re cheap too, with most retailing for only a few dollars, and could mean the difference between having a clean, secure computer, and a virus-laden nightmare.

Prevention Is Better Than Cure

For e-smokers, The Guardian’s coverage of this story has came with some helpful advice:

Dave Goss, of London’s Vape Emporium, says that vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin, and by checking for “scratch checkers” on the box, which mark out authentic goods from counterfeits.

For everyone else, the advice is the same. Be wary of no-name or counterfeit electronics. Ensure your computer is patched and updated, and runs an up-to-date anti-virus package. And if you don’t trust it, don’t plug it into your computer.

Ever had your computer infected as a result of a USB device? I want to hear about it. Drop me a comment below and we’ll talk.

Photo Credits: E-Cigarette Mod: Vamo V5 (Lindsay Fox), iPod Video (Zach Petersen)USB Drive (Sam Davyson)Astro & KFL (Terry Ozon) 

  1. Kannon Y
    November 26, 2014 at 11:26 pm

    Reading the titled, I thought the article would cover the various dangers that aerosolized liquid can have on computer health -- the increased humidity, the oils, etc...

    Pleasantly surprising and yet simultaneously terrifying that it was actually keyloggers and malware related. Great roundup Matt!

    • Matthew Hughes
      November 30, 2014 at 4:50 pm

      Thanks man! Admittedly, I didn't think of that angle!

      Cheers!

  2. dragonmouth
    November 26, 2014 at 4:09 pm

    "vapers can remain safe by buying from respected manufacturers such as Aspire, KangerTech and Innokin,"
    Silly advice since as you point out in the article, Apple and Samsung, "respected manufacturers", assited unwittingly in the spread of malware. While it is very convenient to charge your vape from your computer, DON'T! Use your common sense, don't be like a baby that shoves everything in its mouth, by shoving every electronic device into your computer just because you can. Use their dedicated chargers. Stupid is as stupid does.

    • Matthew Hughes
      November 27, 2014 at 11:25 am

      It wasn't my advice, Dragonmouth. I was quoting the Grauniad. ;)

      That said, my point with respect to Apple and Samsung wasn't that being infected by a manufacturer was an inevitability, but rather that it's possible.

      Cheers for your comment man!

    • dragonmouth
      November 27, 2014 at 1:08 pm

      Matt,
      I know it wasn't your advice. I guess I was just reiterating your point that buying from "respected manufacturers" does not guarantee anything.

  3. Jean-Francois Messier
    November 26, 2014 at 4:05 pm

    This is becoming a very common problem, with more devices that are first intended to be a simple, single-use device, which hides other malicious code. This can happen on anything now, and I recently pledged on a Kickstarter project. A device that will ensure that all you get from your computer is 5V POWER, nothing else. The device is named Umbrella USB. You connect it in your computer, then AND ONLY THEN, connect your device to recharge it. Your computer will provide power to your device to recharge, but will not have access to any of the files your device may contain. It can also ensure that if you connect your cell phone in an internet café, the computer will not pump all your contacts, SMS, and whatever else content off your smart phone. You can find more about Umbrella USB here: https://www.kickstarter.com/projects/sparqee/umbrella-usb

    • Matthew Hughes
      November 30, 2014 at 4:51 pm

      What's the difference between Umbrella USB and any other charge-only cable?

Leave a Reply

Your email address will not be published. Required fields are marked *