This site may earn affiliate commissions from the links on this folio. Terms of apply.

SmokingComputer

So-called electronic cigarettes (e-cigarettes) accept become increasingly popular over the past few years, as the number of people who smoke traditional cigarettes in the United States has connected to reject. Proponents of e-cigarettes have argued that they tin help people stop smoking (and I'm personally friends with one onetime smoker who used e-cigarettes equally a stepping stone to quitting nicotine birthday). Proponents also say they're less dangerous than conventional tobacco.

Others have argued that the aerosolized fluid that e-cigarettes create can create health issues of its own. A number of businesses prohibit vaping along with smoking. Now, security researchers have demonstrated e-cigarettes tin can be used as a potential attack vector against PCs and laptops. It's 10 PM. Do yous know where your desktop is?

Researcher Ross Bevington gave a presentation at BSides London this calendar week, showing how an e-cigarette could be used to attack a system. Rechargeable east-cigarettes often feature a USB port to allow them to be plugged in and recharged from a laptop or desktop, rather than keeping the end user tethered to a wall wart. But this allows them to be outfitted with boosted hardware in the device — hardware that tin be used to automatically execute commands when plugged into a PC, thanks to Autoplay. Another hacker, FourOctets, has created a video of how this kind of assail can work, embedded below.

In this example, the script was harmless, displaying "Practise you even vape bro!!!!" It's non hard to see how this kind of attack could rapidly escalate from amusing into non-so-amusing territory, and enquiry has shown that most of us will happily selection up a strange USB bulldoze off the footing and plug it into the closest figurer to see what it might incorporate — even though that's an excellent style to get one'due south equipment fried.

FourOctets showed Sky News a demo that could order a calculator to download a malicious runtime, though capabilities like User Business relationship Command (UAC) baked into Windows 10 should at least inquire the user if they want to execute a downloaded EXE file before really doing it. Then again, this assumes that finish users are enlightened of the dangers of said files and pay attention to UAC messages before clicking OK.

I can't assistance wondering if the east-cig hack couldn't be paired with a USB Kill Drive to create something that looks like an eastward-cigarette, but promptly fries the machine it'southward plugged into. I can't remember of whatsoever reason why not, which is why our headline for this story is a flake (just not entirely) tongue-in-cheek.