Vape pens could be used to install malware on your computer, research warns
In 2017, a four-day cyber attack on US and UK computers affected over 300,000 devices, with total damages amounting to hundreds of millions to billions of pounds. Today, attention is being paid to vape pens being used as the latest weapon to access your personal information.
EDGE Vaping explored the possibility of a vape device being altered to hold malicious information, which can then be used to infect your computer.
Speaking to Ross Bevington, independent researcher and expert in cyber security, the risk factor in question is assessed and preventative measures are explored to defend yourself against this type of attack.
A working vape pen can hide malware
Vape pens are battery-powered devices that, crucially, have the ability to store information. While a brand new vape pen will be virus-free, there is increasing concern that such a device can be modified to hold more malicious information, with the aim of infecting a laptop or PC.
By adding a hardware chip into the device, a hacker increases its storage capacity, thereby allowing it to hold malware. On the surface, the vape would function as intended – but hidden could be a chip waiting to be connected to your personal devices.
When a device is plugged into a computer through a USB port, it forms a potentially dangerous entryway to its system. As vape pens need charging, many will opt to plug them into their computer. If the computer is unlocked, which it often is, access is effectively granted to your personal information.
USBs can fake being a keyboard, tricking computers
A computer will detect the type of device that is being plugged into it, but Ross warns that: “A USB device could potentially pretend to be a keyboard, even if it doesn’t look like one. As a hacker, once you’ve become a keyboard, you can type in anything, such as commands to download malware”.
Commenting on this potential danger, Mike Williams, Head of IT at EDGE Vaping, said: “People need to be aware of the risks involved when connecting unknown devices to their computer. Whilst it should be highlighted that the threat level of hackers using a vape pen to access personal files is low, one can instil good practises to maintain safety with electronic devices. Be sure to use trusted devices and software, and only buy vape pens from reputable sellers.”
A vape pen’s hackability is limited
Developing on the likelihood of a vape pen being manipulated maliciously, Ross said: “E-cigarettes are really constrained into both connectivity and storage, which limits their use in malicious scenarios.”
The malware used in the 2017 “WannaCry” cyberattack was 4–5MBs, which is around 100 times bigger than the storage of a typical e-cigarette.
Ross said: “Realistically, you should worry more about running dodgy software and ensuring that your machine is up to date with the latest software updates.”
Don’t trust the Trojan horse
Before plugging any device into a computer, take the time to consider its trustworthiness. If you’ve found a USB on the ground, for example, you should contemplate not picking it up at all, never mind connecting it to your computer.
Likewise, if an acquaintance is looking to plug something into your computer’s USB socket, make sure they trust the device and its source.
To protect their IT systems from cyber-attacks from USB devices, many businesses use appliances that connect to the USB port and only allow a device to charge. Ross said: “Businesses can often use existing software to lock down a user’s workstation to only devices in an ‘allow’ list.”