I was reading through the internet and As mentioned here, the common knowledge of the harmful effects of smoking slowly getting through the mindset of today’s society along the tax laws that helps its prohibition, vaping and e-cigarettes have been on the rise.
They still retain the ‘good’ qualities experienced during smoking like stress relief without the worry of polluting much someone’s or own set of lungs. However, it is fascinating to know that such an innocent device can be very much a helpful tool for any talented hacker.
How to Use as a Hacking Device
Like most gadgets, an e-cigarette can be charged using the USB connection. The only reason why the gadget can be hacked is because the electronic components do not only use the USB connection for recharging energy. It contains ‘memory’, which serves as the control part of the e-cigarette, and can be accessed via the said connection.
According to the security researcher named Ross Bevington, an e-cigarette can represent an input device to a computer like a mouse or a keyboard. With that logic, it can also be used as a storage device for any malicious content that can be downloadable.
Cesare Garlarti, the top security strategist in ‘prpl Foundation’, also validated that theory with the emergence of the system ‘Internet of things’, where every electronic component applied with ‘smart’ technology can be controlled with the use of the internet. Since an e-cigarette can be plugged into the USB port, it has a high chance of integrating itself into the ‘Internet of things’ system and cause various infections.
Risks and Safety Measures
The only assurance for an e-cigarette not to be such a great threat is the size of its memory. This device can carry enough to control the smoking process. Therefore, malicious files with size larger than its memory cannot make it a conduit for infection.
It will be very impossible for an e-cigarette with such a small memory to download malware and viruses larger than its size. However, it can only resist complex codes. Malicious content with simple algorithms can be enough to make the unsuspecting device into a weapon for cybercrime.
Enterprises today have policies to prevent usage of devices that have access to USB ports. This may be effective in some business establishments with strict IT monitoring and security but for an employee who has to go home and access his/her computer, it may present an opportunity.
According to a research by the University of Illinois and the University of Michigan, if a hacker intentionally drops a USB device on the ground, there is a 50 percent chance that a passerby will pick it up and plug it to his/her own computer.
With such a simple act, the hacker has easily made his/her advances. In that logic, if an e-cigarette can be passed around and deliberately shared, then it can be a gateway for cybercrime.
The risks of vaping, in terms of health, may not be as fully complex and severe compared to smoking, for now. However, the threat of using such simple devices as tools for cybercrime seems to be possible and if actually done can lead to disaster. Awareness might be the key to prevention.