E-cigarette smokers consider yourself warned: that vape pen you love to puff on could expose your computer to malware.
According to a report from Sky News, security researcher Ross Bevington recently demonstrated how to hack a PC with a vape pen during a presentation at BSides London. Bevington showed how a modified e-cigarette, once plugged into a computer to be charged via USB, could attack the machine by interfering with its network traffic or masquerading as a keyboard.
His technique required the victim's machine to be unlocked, though other vape-based attacks will even work on locked machines, the researcher told Sky News.
Bevington isn't the only security researcher warning people about this attack vector. A security engineer and malware researcher who goes by the alias Fouroctets recently posted on Twitter a 22-second proof-of-concept video showing a modified vape pen executing arbitrary code on a Windows-based laptop.
In the video, which you can see below, the researcher plugs the vape pen into the machine, and within seconds, a message pops up on the screen that reads "DO U EVEN VAPE BRO!!!!!"
- FDA Bans Sale of E-Cigs to MinorsFDA Bans Sale of E-Cigs to Minors
"Sorry if I get vape pens banned at your work place," Fouroctets tweeted.
Speaking with Sky News, the researcher said he simply added a hardware chip to the vape pen that allowed it to communicate with the laptop as if it were a keyboard or mouse. The researcher said an attacker would be able to use this method to download and run a malicious file on a victim's PC with less than 20 lines of code, according to the report.
Bevington said users should ensure that their machines are up to date with the latest security patches before plugging a vape pen in to charge. He also recommended businesses invest in a monitoring solution that will flag this type of attack. We'd also advise you to only buy your vape pens from reputable sources.
Every app needs stickers, even a note-taking app.
This adhesive tape is not an official Lego product, but it probably should be.
The epic battery life alone is a marked improvement.
Relax It's Possible (and Fairly Easy) to Hack a PC With a Vape Pen stories
They're designed to protect against future state-sponsored malware attacks akin to last month's WannaCry, but are not a substitute for upgrading your OS.
Crash Override disabled part of the electrical grid in Ukraine last year, and many more power stations could be susceptible, according to security experts.
Cybercriminals have managed to infect PCs if the user so much as hovers over a hyperlink in a PowerPoint slide.
If your Android-powered phone or tablet is lost or stolen, follow these steps to set up the Android Device Manager now.
As well as domestic flights, dozens of airports spread across Europe, the Middle East, and Africa are also under consideration by Homeland Security.
Data is converted into a binary format and transmitted by flashing the LED activity lights while a nearby camera records their output.
A hacker broke into systems for the 'US operating region' and stole sensitive user data
Google's machine learning model in Gmail 'selectively delays messages … to perform rigorous phishing analysis.'
Researchers from security firm Check Point said 'hundreds of millions' of devices running media players such as VLC, Kodi, Popcorn Time, and Stremio are at risk.
Emails spoofed to look like they're coming from DocuSign are attempting to trick recipients into opening attached Word documents that contains malware.
Numerous hospitals across Britain were affected by the ransomware, requiring them to shut down their IT systems and turn patients away.
Rather than being malicious, this looks like negligence by developers. What's more concerning it it's been on HP systems since 2015.
The malware is currently not detected by security suites and uses a valid Apple developer certificate to infect all versions of Mac OS X.
37 restaurants confirmed as having malware installed on point of sale equipment and card details stolen between December and March.
It was meant to be joke malware, but the author managed to infect himself, and the game is impossibly hard.
Tax-themed spam emails increased 6,000 percent from December 2016 to February 2017. Here are some common scams to look out for.
Proving that virtual and real worlds can work together if you have a powerful PC and a very fast motion capture camera.
The search giant released its top queries of the year.
Protect yourself by learning what a business opportunity really is, how the government regulates them, and the steps you should take to ensure you've found the best opportunity available.
Know your enemy and know yourself.
Microsoft has quietly unveiled the Modern Mouse and fingerprint-enabled Modern Keyboard.
Parachute's founder and CEO sounds off on why thread count is a bust-and why she's betting on quality instead.
If you visit an Amazon Store, don't expect to be able to compare prices using your smartphone. Amazon's patent describes blocking such checks and sending a sales rep over to see you.
Canada has ordered all carriers to unlock smartphones for free.
The lawsuit says former Uber executive Eric Alexander obtained the victim's records after the sexual assault and shared them with other executives.
Steven Universe fans are finally getting the RPG they've been waiting for.
China sets quantum transmission record by bouncing a signal 750 miles
Add some flair to your images with algorithms from deep learning neural networks.
The Apple Watch Series 1 drops to $230, plus other deals inlcuding Audioengine's A2+ speakers and the Logitech Harmony Elite remote.
Who doesn't want an Alexa-style speaker that looks like an unsatisfied bear?