Electronic cigarettes are quickly becoming a popular alternative to regular smoking. However, this new phenomenon of vaping has apparently given hackers another vector for deploying malware through infected USB chargers. This shouldn’t entirely be surprising as the potential for USB connections to hide malware has been known, although there is effectively nothing anyone can do to fix it.
The issue first appeared a Reddit where a poster described fixing a computer that was infected with malware from a mysterious source. The system in question was fully up to date and the anti-virus software was working as intended. Essentially, there was no way that the malware could have entered the system from the internet, as the owner of the computer did not visit any questionable websites either.
It was later determined that the owner of the computer had recently taking up vaping and had purchased a Chinese made e-cigarette which had malware encoded into the USB charger. When plugged into a computer to provide power, the malware would connect to the internet and infect the system.
Experts believe that this story is fully plausible as the BadUSB flaw that was detailed two months ago has still not been corrected. Although to be fair, the researcher who discovered the vulnerability believes that it cannot be fixed in the short term and will require replacing every USB device on the planet.
This mainly goes to show that users should be more careful with where they buy their electronics. While it may have not been the intention of the Chinese e-cig manufacturer to sell malware infected devices, it may still lack the necessary safeguards to prevent hackers from tampering with the final product.