tao Posted June 13, 2017 Share Posted June 13, 2017 Even if a vape pen seems like it's simply charging, it could actually be compromising your computer, security researchers warn. Security researchers have demonstrated how e-cigarettes can easily be modified into tools to hack computers. With only minor modifications, the vape pen can be used by attackers to compromise the computers they are connected to - even if it seems just like they are charging. Giving a presentation at BSides London, Ross Bevington showed how an e-cigarette could be used to attack a computer by fooling the computer to believe it was a keyboard or by tampering with its network traffic. While Mr Bevington's particular form of attack required the victim's machine to be unlocked, that was not the case for all attacks. "PoisonTap is a very similar style of attack that will even work on locked machines," Mr Bevington told Sky News. Another hacker and researcher known as Fouroctets published a proof-of-concept video which showed arbitrary commands being entered into his unlocked laptop just after plugging in a vape pen to charge. Speaking to Sky News, Fouroctets said he had modified the vape pen by simply adding a hardware chip which allowed the device to communicate with the laptop as if it were a keyboard or mouse. A pre-written script that was saved on the vape made Windows open up the Notepad application and typed "Do you even vape bro!!!!" The script could have been modified to do something much more malicious, however. Fouroctets showed Sky News how, using less than 20 lines of code, the computer could be made to download an arbitrary and potentially dangerous file and run it. While e-cigarettes could be used to deliver malicious payloads to machines, there is usually very little space available on them to host this code. "This puts limitations on how elaborate a real attack could be made," said Mr Bevington. "The WannaCry malware for instance was 4-5MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible." The best way to protect against these kind of attacks is to ensure that your machine has updated its security patches, said Mr Bevington, and to "have a good password and lock your machine when you leave it". "If you run a business you should invest in some kind of monitoring solution that can alerted your security team when something like this attack occurs," he said. "In all cases, be wary if someone wants to plug something into your machine." < Here > Link to comment Share on other sites More sharing options...
straycat19 Posted June 13, 2017 Share Posted June 13, 2017 2 hours ago, adi said: "In all cases, be wary if someone wants to plug something into your machine." Let's examine what we really have here, so as not to scare the bejesus out of everyone. Would you allow anyone to plug any usb device into your computer? The answer is definitely not, at least not in the last 15 years. And it doesn't matter what it is or for what purpose. Not to charge their e-cig, their phone, their tablet, or to show you a great video or hear a great song they have on their stick. So it really doesn't matter if they found a new device that can be used to hack a computer, because we know we would never allow it to be connected to any of our computers/devices. I have over a dozen USB devices that when plugged in automatically do something bad, from causing your device/computer to burn up, to covertly copying data from your system, to infecting your computer and any network it attaches to with a backdoor that I can use to 'look around', to stealing any login information cached on your device/computer including in memory, and to other mundane tasks like just running useless scripts. Just remember, if it isn't yours it doesn't get connected to your device/computer. Stay safe. Think security, security, security. Link to comment Share on other sites More sharing options...
Sylence Posted June 13, 2017 Share Posted June 13, 2017 This isn't an e-cigarettes hacking a computer, just something designed to look like a e-cigarette. I could stick a similar setup into a muffin, doesn't mean I'm now hacking computers with a muffin. Yes it's a security issue, and yes you shouldn't be plugging random stuff into secure systems. Link to comment Share on other sites More sharing options...
tao Posted June 13, 2017 Author Share Posted June 13, 2017 1 hour ago, saeed_dc said: This isn't an e-cigarettes hacking a computer, just something designed to look like a e-cigarette. I could stick a similar setup into a muffin, doesn't mean I'm now hacking computers with a muffin.... This is like a (male or female or robot) in a burqa robbing a bank. Of course, the burqa didn't rob the bank. Nice observation, however. Link to comment Share on other sites More sharing options...
edwardecl Posted June 13, 2017 Share Posted June 13, 2017 How a USB hampster can be used to hack into a computer... How a USB coffee warmer can be used to hack into a computer... Link to comment Share on other sites More sharing options...
tao Posted June 13, 2017 Author Share Posted June 13, 2017 How a brain can be used to hack anything, including a brain? <Full Stop> What the heck: Hack this, hack that Hack it all. Say anything, and another is sure to say -- hack you. hack you all. What the heck? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.