E-cigarettes spreading malware via PC USB ports

Electronic cigarettes may be better for your lungs, but they're not so great for your laptop

E-cigarettes imported from China are spreading malware to computers when connected to them via USB ports. 

According to a user on Reddit, malware infected the PC after an e-cigarette was plugged into its USB port to charge up.

"The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer's USB port the malware phoned home and infected the system," said Jrockilla.

This came to light when an executive at the company where the Reddit user worked had a PC with malware discovered on it.

"The executive's system was patched up to date, had antivirus and anti-malware protection," said Jrockilla. "Web logs were scoured and all attempts made to identify the source of the infection but to no avail.

"Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: 'Have there been any changes in your life recently?' The executive said: 'Well yes, I quit smoking two weeks ago and switched to e-cigarettes.' And that was the answer they were looking for."

Stuart Morgan, senior security consultant with MWR InfoSecurity, said users should always be wary of connecting any USB device to a computer.

"Even if you believe that it is just to charge it, could [it] allow or facilitate compromise (because computer USB ports are not power-only ports)," he said.

Devices can look innocent, but other items that can be charged through USB ports include: torches, portable power packs, hands free mobile phone kits, cup warmers, satnavs and some wireless headphones.

"It is important that everyone realises that this attack vector is not specific to e-cigarettes; any device that is connected to a computer could contain a malicious payload," said Morgan. "People may get fixated on electronic cigarettes but forget the multitude of other devices which could present the same level of risk."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020