Skip to main content

Be careful before using your PC to charge up your e-cigarette for your next vaping fix

researcher shows e cigarettes can be source of malware vaping guide header 640x0
Image used with permission by copyright holder
Not a day goes by, it sometimes seems, that we don’t hear about another way that hackers can attack our systems and steal our information. Keeping a system locked down and secure can seem like an impossible task when it can be vulnerable in ways that we’d never suspect.

One recent example is some work done by researcher Ross Bevington, who showed that the seemingly innocuous and decidedly low-tech e-cigarette can be used to break into a machine, as ExtremeTech reports. Don’t panic yet, however, because it’s not the vaporous aspects of e-cigarettes themselves that are at fault.

Bevington demonstrated the method of attack using an e-cigarette in a video that he shared on Twitter:

https://twitter.com/FourOctets/status/867764655954866176?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.extremetech.com%2Fcomputing%2F250997-e-cigarettes-can-used-hack-computers-encourage-start-smoking

Basically, e-cigarettes require power to function, given that they heat up liquids to create vapors that users inhale as a substitute for burning tobacco. As with many devices today, some rechargeable e-cigarettes come equipped with USB connections to draw power from PCs. That USB connection provides a handy way to keep vaping when you can’t get to a wall socket.

The problem is that any device that can plug into a USB port can hide electronics that can host malware that executes commands when plugged in and wreak havoc on a system. PCs have been designed to make it easy to run programs when USB drives are plugged in and that very convenience can make a system vulnerable to attack. The problem is so severe that some people are making tools that sit between a USB port and the outside world, forming an elaborate barrier.

Of course, e-cigarettes aren’t dangerous out of the box, and if you only use ones that you’ve purchased and don’t let random people plug theirs into your PC, then you’re probably safe. Rather, the real concern is that you could acquire an e-cigarette from a sketchy source that’s been modified to include PC-like smarts.

USB-based malware attacks are nothing new, nor are tools that can literally fry a motherboard merely by plugging in what looks like a typical USB flash drive. While modern systems do have some safeguards built in to stop code from executing, plenty of examples exist that enable these systems to be bypassed. The simplest response is to follow a strict policy of never plugging anything into your USB port if you’re not 100-percent certain it’s safe — and that includes waiting until you get to a plug before charging up your e-cigarette for a quick fix.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more