Friday, June 23, 2017

Attackers can exploit electronic cigarettes to hack computers

In November 2014, in a discussion started on the Reddit news media website it has been debated the case of a malware implanted by using electronic cigarettes connected over USB.
Hackers are able to exploit any electronic device to deliver a malware in a poorly protected network. Electronic cigarettes could be an attack vector, the idea may appear hilarious, many electronic cigarettes can be charged over USB, using a special cable or by inserting one end of the cigarette directly into a USB port.
The report posted on the social news Reddit website reported a strange case happened to an executive that discovered a malware in his system without immediately identify its source.
“One particular executive had a malware infection on his computer from which the source could not be determined,” reported a Reddit user “After all traditional means of infection were covered, IT started looking into other possibilities.
Investigating on the case, the man discovered that the electronic cigarettes were infected by a malware hardcoded into the charger, once the victim will connect it to the computer the malicious code will contact the C&C server to drop other malicious code and infect the system
Electronic cigarettes or vape pens properly modified could be an effective hacking tool to infect a targeted computer.
The security researcher Ross Bevington presented at BSides London how to use electronic cigarettes to compromise a computer by tricking it to believe that it was a keyboard.The researchers also explained that it is BSides London how to use electronic cigarettes to compromise a computer by tricking it to believe that it was a keyboard.
It is important to note that Bevington’s attack required the victim’s machine to be unlocked.
“PoisonTap is a very similar style of attack that will even work on locked machines,” Mr Bevington told Sky News.
The researchers also explained that it is possible to use the electronic cigarettes to interfere with its network traffic.
E-cigarettes are powered by a rechargeable lithium-ion battery that can be plugged into a cable or directly connects to the USB port of a computer.
“Security researchers have demonstrated how e-cigarettes can easily be modified into tools to hack computers.” reported SkyNews.
“With only minor modifications, the vape pen can be used by attackers to compromise the computers they are connected to – even if it seems just like they are charging.”
The researcher @FourOctets published a proof-of-concept video which showed arbitrary commands being sent to an unlocked laptop just by charging a vape pen.
Fouroctets modified the vape pen by simply adding a hardware chip which allowed the device to communicate with the laptop as if it were a keyboard or mouse.
“A pre-written script that was saved on the vape made Windows open up the Notepad application and typed “Do you even vape bro!!!!” reported SkyNews.
Enjoy the video!

0 comments:

Post a Comment