The long-term health effects of electronic cigarettes - or E-cigarettes - are still open for discussion - but the devices could harm your computer, at least if one report is to be believed.
The Guardian reports that the devices, which charge via USB ports, either on a wall socket or plugged direclty into a PC, can reportedly carry an unwanted payload of malware, at least according to one Reddit poster.
Infection via innocuous-seeming USB devices is far from unknown as these We Live Security reports confirm - but the relatively new technology of E-cigarettes and their chargers is a new infection vector.
E-Cigarettes: A source of malware?
The Reddit poster claims that the E-cigarette lead to a ‘data security breach at a large corporation’.
He said, ‘Finally after all traditional means of infection were covered; IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently”? The executive answered “Well yes, I quit smoking two weeks ago and switched to e-cigarettes”. And that was the answer they were looking for, the made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.’
Signing himself ‘an IT guy’, the story is far from being an epidemic - but it does highlight how easy it is to insert malware into unexpected devices at all points in the supply chain.
Supply chain attacks
Technology companies including Cisco, IBM and Microsoft already back an Open Group programme to protect computer hardware from spyware added to components in the supply chain.
The goal is to “safeguard the global supply chain against the increased sophistication of cybersecurity attacks,” Open Group said in a statement. A new open standard, Open Trusted Technology Provider Standard (O-TTPS), aims to provide governments and companies with peace of mind when buying off-the-shelf IT products.
ESET researcher David Harley says in a blog post , “There’s a lot more to a supply chain than the production line. The number of entry points for the insertion of malicious software is so much greater, right up to the time the system hits the customer’s desk.”
