E-cigarettes spreading malware via PC USB ports

Electronic cigarettes may be better for your lungs, but they're not so great for your laptop

E-cigarettes imported from China are spreading malware to computers when connected to them via USB ports. 

According to a user on Reddit, malware infected the PC after an e-cigarette was plugged into its USB port to charge up.

"The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer's USB port the malware phoned home and infected the system," said Jrockilla.

This came to light when an executive at the company where the Reddit user worked had a PC with malware discovered on it.

Advertisement - Article continues below
Advertisement - Article continues below

"The executive's system was patched up to date, had antivirus and anti-malware protection," said Jrockilla. "Web logs were scoured and all attempts made to identify the source of the infection but to no avail.

"Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: 'Have there been any changes in your life recently?' The executive said: 'Well yes, I quit smoking two weeks ago and switched to e-cigarettes.' And that was the answer they were looking for."

Stuart Morgan, senior security consultant with MWR InfoSecurity, said users should always be wary of connecting any USB device to a computer.

"Even if you believe that it is just to charge it, could [it] allow or facilitate compromise (because computer USB ports are not power-only ports)," he said.

Devices can look innocent, but other items that can be charged through USB ports include: torches, portable power packs, hands free mobile phone kits, cup warmers, satnavs and some wireless headphones.

"It is important that everyone realises that this attack vector is not specific to e-cigarettes; any device that is connected to a computer could contain a malicious payload," said Morgan. "People may get fixated on electronic cigarettes but forget the multitude of other devices which could present the same level of risk."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020