It goes without saying that technology now plays a larger part in our everyday lives than ever before. Phones, tablets, computers, smartwatches, Fitbits, and other fantastic technologies have revolutionised the way we live and provided us with near limitless access to information. In return, many of these devices collect and store a lot of data about us.
Regrettably, this means individuals with malicious motives have more methods than ever to access our personal information. Hackers can utilise technological devices in highly inventive ways to steal our personal data and sell it, or conduct crimes from identity fraud to theft and more.
Cybercrime is no stranger to the limelight. We know that hackers can gain unauthorised access to military and government data, which are protected by the most stringent cybersecurity possible. Pieces of civilian technology, such as phones and computers, have long relied on security software in some form or another, and there are several solutions available to make people feel safe while using them.
When it comes to cybersecurity, one device that we frequently forget to consider is the e-cigarette. Although they do not connect to the internet (yet!), vaping devices can be manually fitted with technologies that may be used against us. That is why the hacked vape pen is a potential threat; it bypasses security software, and most people would not think twice about plugging it in because they are unware of the risk.
LiQuid, a leading UK vaping device seller, reviews comments from electronic security analyst Ross Bevington, who outlines where the potential hazards lay and how big of a threat our vapes may pose in the hands of a hacker.
Hidden hardware dangers
As time has passed, vaping devices have become more technologically advanced. Even the most basic devices have data storage capabilities that allow them to hold lines of code. While it is unlikely that a brand-new device in its original sealed packaging has been intentionally tampered with, you should be aware when you open it of the possibility that the information contained in it has been changed.
A hacker might modify the device’s functions in a variety of ways by inserting a hardware chip, which would increase its data storage capacity. This can enable a malicious actor to install a large amount of harmful code that might easily go undetected if the device behaves as we expect it to. This means that even if your device looks and works like a vape, it might be more than just the vape.
The true damage can occur when we link a compromised device to other pieces of technology. Connecting a vaporiser to a PC or laptop is a common way that many people choose to charge their devices; some manufacturers even advocate charging in this way, rather than plugging your vape into a power socket. Hackers can modify the data storage capacity and software functions of a vape such that this connection gives the device almost unlimited access to your computer and the information contained within.
As soon as the device to which you connect your vape is unlocked, the e-cigarette can theoretically gain complete access to your computer’s system. After this is done, the infected application has complete control over your personal information and the hacker responsible may do anything they desire with it.
USBs impersonating a keyboard
Explaining how a vape pen can gain even greater access to your system, Mr Bevington explains: “A USB device may possibly appear to be a keyboard, even if it doesn’t look like one. As a hacker, after you’ve become a keyboard, you may type in anything, such as orders to download malware”. Most people would not anticipate that their vaping device could be utilised in this way, which is what makes this scheme so effective – and so risky for users. If we connect a vape with a programme like this inadvertently, the hacker may simply mislead our system and run wild.
The best defence against this danger is simply to be aware of the potential and exercise proper caution.
Vaping devices pose just a little risk
While the possibility exists, Ross Bevington reassures us that “e-cigarettes are extremely confined in both connectivity and storage, which restricts their usage in malicious scenarios”.
He goes on to say that malware has very little chance of unlocking the device to which it is connected. If you are concerned about your cybersecurity, keep your computer closed when connecting to charge your vaporiser. This restricts its access to sensitive information, even if the device has been modified by a malicious actor.
Mr Bevington emphasises the limited risk presented by vaping devices, saying: “Realistically, you should be more concerned about running dodgy software.” The risk, he says, is “ensuring that your system is up to date with the latest software updates.”
How to protect yourself from USB malware attacks
If you often connect USB devices to your computer, there are a few things you can do to protect yourself against cyber-attacks that target this access point. “There are a lot of devices you can buy that sit in front of the USB socket and only allow a device to charge,” Ross says. Companies often utilise software to restrict a user’s workstation, so that it will only accept devices on a ‘allow’ list.
Another important aspect is common sense. Making sure that whatever you connect through USB is reliable and from a trusted source can help to reduce danger. If you are unsure about the safety of a device, charge it using a plug socket rather than another device, and make sure devices owned by friends or relatives are secure before connecting.
When it comes to vapes, make sure you buy from a trustworthy merchant and that the item comes in original packaging with no evidence of tampering – avoid buying from market stalls, especially those selling generic, unbranded goods.
While this may seem like a simple statement, having a strong password for your computer and locking it while not in use will help keep you secure. You may also buy anti-virus software and monitoring systems to assist you to spot anything odd.