Chinese E-Cigarettes reportedly spreading malware via USB
We know that perhaps E-Cigarettes are a better and healthier choice for smokers than normal ones, but a new report suggests that it may not be so healthy for your computer. E-cigs from China were apparently found be to manufactured to spread malicious software through their USB connection to PCs.
The Guardian draws on a recent report posted on social news site Reddit which cited that at least one E-Cigarette “vaper” at a “large corporation” has found himself the victim in trusting his e-cigarette manufacturer with his computer USB ports.
“One particular executive had a malware infection on his computer from which the source could not be determined. The executive’s system was patched up to date, had antivirus and anti-malware protection,” Reddit user Jrockilla writes. “Web logs were scoured and all attempts made to identify the source of the infection but to no avail. Finally after all traditional means of infection were covered, IT started looking into other possibilities.”
Further investigation revealed that the malware had stemmed from a $5 (£3.20) E-Cigarette bought from eBay. “The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
With E-Cigarettes being just the latest vector to serve the spread of malware, the incident raises more concerns over a recent proof-of-concept attacked called “BadUSB”, which exploits widely spread USB controller chips which have no protection from reprogramming at the hardware level.
Rik Ferguson, a security consultant for Trend Micro told The Guardian that “a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.” He added that “For consumers it’s a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat.”