It’s an obvious statement to say that technology now plays a bigger role in our daily lives than ever before. Phones, tablets, laptops, smartwatches, Fitbits, and beyond; access to such amazing machines has revolutionised the way we live and gives us instant access to near-limitless information.
Unfortunately, this means those with less innocent intentions have more ways than ever to access our personal information. From identity fraud to theft, hackers can use electronic devices in incredibly creative ways to commit crimes or use our personal data for nefarious deeds.
Cybercrime has been no stranger to the spotlight. We know hackers can gain illegal access to even military and government data, which benefit from the strictest cybersecurity available. Civilian technology, like phones and computers, has long since featured security software in one form or another, with lots of options available to help us feel safe while we use them.
One device we often overlook when considering our cybersecurity is an e-cigarette. They might not connect to the internet (yet!), but vaping devices contain technology that might have the potential to be used against us. Top UK vaping brand LiQuid explores comments from the electronic security researcher, Ross Bevington, who explains where the potential risks lie, and how much of a threat our vapes could actually pose in the hands of a hacker.
The Dangers of Hidden Hardware
Vaping devices have become increasingly technologically advanced as time has progressed. The vast majority, even basic models, have storage capabilities enabling them to hold lines of code. While it is unlikely a brand-new device in sealed original packaging has been maliciously tampered with, the possibility of the information stored on it being altered remains plausible.
By installing a hardware chip, a hacker could modify the device in any number of ways. This includes expanding its information storage capacity. While causing harm is not the only reason to modify a vaping device, dangerous code could easily go unnoticed if the device functions as we expect – if it looks like a vape, and works like a vape, it’s probably just a vape, right?
The real harm is done when we connect a hacked device to our other tech. Sooner or later, your vape will run out of battery and require a recharge. For many of us, connecting a vape to a PC or laptop is a typical way to charge it up; many manufacturers even recommend that the device be charged in this way, rather than plugging into a wall socket.
Should the device you connect your vape to be unlocked, then the e-cigarette has theoretically been given full access to your computer’s system. Once this is done, the malicious program has free reign and can do whatever the hacker intended with your private data.
USBs can be Disguised as a Keyboard
Mr. Bevington explains: “A USB device could potentially pretend to be a keyboard, even if it doesn’t look like one. As a hacker, once you’ve become a keyboard, you can type in anything, such as commands to download malware”. While many people wouldn’t expect a vaping device to be used in this way and we innocently connect a vape containing a programme like this, the hacker can easily trick our PC and run rampant.
The best defence against this risk is to simply be aware of the possibilities and apply caution appropriately. Many of us would not even know that a vape device could be targeted by hackers, but we should approach any and all electronic devices with caution until we are confident. Only then can they be connected safely to a device that holds sensitive personal data.
Vaping Devices Only Carry a Minimal Risk
While the possibility exists, Ross Bevington reassures us that “E-cigarettes are really constrained into both connectivity and storage, which limits their use in malicious scenarios”.
He goes on to explain that there is also minimal scope for malware to actually unlock the device you connect it to. Best practice for anyone concerned about their cybersecurity is to keep your computer locked when you connect to charge your vape. This will limit its access to anything sensitive.
Further stressing the low risk posed by vaping devices, Mr Bevington states that “Realistically, you should worry more about running dodgy software and ensuring that your machine is up to date with the latest software updates.”
Hacking a Vape Could Have Benefits
When asked about the possibility of using hacking to alter a vape device in beneficial ways, Mr Bevington notes that they have “untapped potential for being a more connected and useful, smart device”. As technology advances we are seeing this apply to more and more items – only a few years ago we had never heard of a ‘smart watch’, so it is not a stretch of the imagination to assume vaping devices might follow suit. Only time will tell!
How to Defend Against USB Malware Attacks
If you regularly connect devices to your computer via USB, there are a number of ways you can protect yourself from cyber-attacks that target this access point. First and foremost, Ross tells us “There are a number of devices you can buy which sit in front of the USB port and only enable a device to charge. Businesses can often use existing software to lock down a user’s workstation to only accept devices in an ‘allow’ list.”
Common sense is another big factor here. Ensuring anything you connect via USB is trustworthy will go a long way towards mitigating risk. Don’t plug in a USB you found on the street, for example, and check devices owned by friends or family are safe before connecting.
Where vapes are concerned, make sure you are buying from an accountable, reputable retailer, and ensure the device comes in official packaging with no signs of tampering – avoid market stalls, particularly those offering generic unbranded products.
While a potentially obvious statement, ensuring you have a strong password for your computer, and locking it when not in use will help keep you secure. You can also invest in a range of anti-virus software and monitoring systems that can help you detect anything suspicious.
Read more: How to Set Up A Vape Bar At Home