30 June 2017


A writer going by the ‘pen name,‘ Wagas posted an article recently on the website, HackRead.com,with the title above. Mr. Wagas writes that hackers are now using the heat/effluents, as a mechanism to insert malware, and/or, hack into mobile devices, and other Internet-connected ‘things.’ Cyber security researcher, Ross Bevington (@FourOctets on Twitter), recently demonstrated how to hack a computer/mobile device at the London B-Sides Conference on cyber security held on June 7, 2017 in London.

Mr. Bevington’s technique involved using the heat/effluents from the e-cigarette to “trick” the mobile device or computer into believing that “it” [the e-cigarette], “was a keyboard.” And, Mr. Bevington was also able to “interfere” with the targeted computer/mobile device’s “network traffic,” as well. Hackers are able to successfully utilize this technique, “because most of the e-cigarette’s come with a rechargeable, lithium-ion battery, which can be plugged into a cable, or directly connects to the USB port of a computer,” Wagas wrote.

In a conversation with Europe’s Sky News, Mr. Bevington said that” “He had modified the [e-cigarette] vape pen, by simply adding a hardware chip — which allowed the device to communicate with the laptop…as if it were a keyboard, or a mouse — A pre-written script that was served on the vape made Windows open up the Notepad application; and, typed, “Do you even vape Bro!!!”

Wagas added that, “it is unclear what kind of malware infection can be done,” using this technique; “however,” he warns, “based on [the] WannaCry malware attack, one can expect the worst”; and, one should be even more cautious when using a mobile device around someone, or in a room where vaping is going on. 

As Wagas notes, “this isn’t the first time when news regarding e-cigarettes infecting computers has come out. In 2014, a company executive had their computer infected with malware; and, no amount of cleaning, robust security, or anti-malware protection was able to thwart the data compromise.”: After discovering just how insidious this malware was, security researchers at the company began investigating and discovered that one of their senior executives had recently switched to e-cigarettes in an attempt to quit smoking. Researchers “discovered that the charger of the e-cigarette was compromised [infected]; and, once it was connected to a computer, the malware would connect it to a remote server;” and the game was afoot as they say.

Mr. Wagas/HackRead.com, recommends “to avoid such risks, it is advised [that you] to disable data pins on the USB, and keep only the cable charge[r] to prevent any information exchange between the devices it connects. Alternatively,” Mr. Wagas writes, “use a USB [digital] condom, a gadget that connects the USB, and makes data pins ineffective.”

The technique does require that the targeted victim’s device be unlocked; so, one is reminded again not to leave the digital keys to your device openly available. ‘Poison Tap,’ is a very similar style attack [technique], that will work on — even on locked machines [devices],” Mr. Bevington told Sky News.

The damage from this kind of hack/technique appears to be limited; but, for a persistent, and sophisticated cyber adversary, this initial breach may be just an initial way to get inside a targeted company. Rather than releasing malware and setting off digital alarms, a more worrisome scenario would have the hacker using this technique; and, once successfully inside, proceed to lay low or dormant until they are ready to strike. Once again, the cleverness and ingenuity of the cyber thief never ceases to surprise. Remember, the best cyber thieves haven’t been caught yet; and, it is always the second cyber mouse — that gets the digital cheese.

No comments: