An electronic cigarette, which is charged via a USB port, can be used to break into a PC. With an additional microcircuit, the cigarette impersonates the keyboard and causes the OS to execute incoming commands. The set of possible attacks is limited - the executable code should be small.
Hacking a PC with a cigarette.
Electronic cigarettes can be used to hack a computer, with a minimum of effort. This was reported by the researcher of cyber security Ross Bevington (Ross Bevington). At the BSides London 2017 conference, he demonstrated the hacking process. According to the researcher, his tactics are effective for unlocked systems, but it is possible to develop such an attack scenario through a cigarette, which will work on blocked PCs.
Since electronic cigarettes are charged through the USB port, owners often connect them to a computer, and not directly to an outlet. Installing an additional microcircuit in the cigarette, you can convince the PC that it's a keyboard. Accordingly, the OS will start executing all commands coming from the connected device. Another option is possible: the cigarette begins to interact with network traffic, which also leads to hacking.
According to Bevington, the electronic cigarette can not accommodate too much code, which imposes restrictions on the choice of malicious software. For example, the known program-extortionist WannaCry is hundreds of times higher than the cigarette limit. However, theoretically, a cigarette can be modified in such a way as to load a more voluminous file from the Internet.
Independent Confirmation.
The opening of the Bevington was confirmed by an Internet user named FourOctets, who posted a video on Twitter that demonstrates the mechanism of such an attack. On the video, the user connects an electronic cigarette to the laptop, after which the computer begins to perform extraneous codes. For example, on the screen itself a certain phrase occurs, or malicious software is loaded into the laptop's memory.
As explained by FourOctets, he used the same tactics as Bevington: he made the computer recognize the cigarette as a keyboard or mouse. To download and execute a malicious file on the PC, it was required to write a script consisting of less than 20 lines.
Known Incidents.
In 2014 year. A Reddit user named Jrockilla described a real case of hacking a corporate computer using an electronic cigarette. The incident occurred in a "large company", whose name is not specified. On the computer of one of the managers, malware was detected. The company's IT department for a long time could not figure out where it came from:
the computer had a modern, up-to-date protection.
Looking at various options, IT professionals finally asked the manager, there have been in his life recently any changes. He replied that two weeks ago he switched from conventional cigarettes to electronic. IT staff asked her to show. This was the device of the "gray" Chinese brand, bought for $ 5 on EBay. Testing showed that after connecting to a USB port, the cigarette sends a signal to its "home" system and infects the computer.