Malware can be spread from e-cigarettes to PCs: report
24 Nov 2014
E-cigarettes might be marketed as better for smokers' health than normal cigarettes, but they were no better for their computers: the gadgets had emerged as the latest vector for malicious software, according to online reports, The Guardian reported.
Many e-cigarettes could be charged over USB, either with a special cable or by plugging the cigarette itself directly into a USB port, whether one plugged into a wall socket or the port on a computer. However, that meant that a cheap e-cigarette from an untrustworthy supplier could gain physical access to a device.
According to a report on social news site Reddit, at least one "vaper" had suffered the consequences of trusting the cigarette manufacturer.
It said one particular executive had a malware infection on his computer, the source of which could not be determined. "After all traditional means of infection were covered, IT started looking into other possibilities.
"The made-in-China e-cigarette had malware hard-coded into the charger, and when plugged into a computer's USB port the malware phoned home and infected the system."
The Guardian quoted Rik Ferguson, a security consultant for Trend Micro, as saying this story was entirely plausible, adding that production line malware had been around for a few years, infecting photo frames, MP3 players and more.
Meanwhile, author Cory Doctorow blogged on boingboing.net about a memorable conversation last summer with a friend who is a very senior official in the US intelligence community. His friend claimed that a huge proportion of USB devices were shipped with malware loaded on them.
He added that the security protocols practiced by the entities he worked in prohibited the use of USB drives except those from a single, certified US-based vendor.
However, both that conversation and The Guardian's article hinged on the perception of untrustworthy Chinese manufacturers serving as agents for military and industrial espionage, writes Doctorow. The management of China's Huawei had pointed out that there was no public evidence behind the perception and that, if anyone was hacking anyone, it was US spy agencies hacking Huawei, as well as US-made gear like that from Cisco.
In other words, the governments responsible for a $250,000,000-per-year programme of technological sabotage against the technology that the world relied on every day "were the loudest voices in the chorus warning against Chinese state-industrial malware."