The vape pen could become the latest tool in the cybercriminal arsenal, experts have suggested.
A report from EDGE Vaping, which manufactures e-cigarettes and refill cartridges, claims it’s feasible that hackers could modify vape devices to house malware, with the aim of infecting personal computers.
Although many people charge their vapes at the wall, others use the USB ports on their laptop or desktop PC, creating an opportunity for infection.
Unlikely, but possible
As standard, vape devices ship with only a tiny amount of on-board storage, which is insufficient to house typical malware strains. The famous WannaCry malware, for example, is said to be roughly 100 times larger than the storage capacity of the average e-cigarette.
However, EDGE Vaping says it would be possible for a hacker to introduce an additional chip to a vape device that increases the storage capacity, without altering the form factor in such a way that the owner might notice.
This notion was supported by security expert Ross Bevington, who confirmed it would be possible for a cybercriminal to introduce code that disguises a vape pen as a traditional computer peripheral, such as a keyboard.
Bevington was also eager, however, to play down the likelihood of such an attack, which he described as a fringe scenario. “Realistically, you should worry more about running dodgy software and ensuring your machine is up to date with the latest software updates,” he said.
But nonetheless, EDGE Vaping says the opportunity to turn a device as innocuous as a vape pen into a vehicle for malware or ransomware should act as a reminder that caution is always required when plugging a device of any sort into a personal device.
“People need to be aware of the risks involved when connecting unknown devices to their computer,” said Mike Williams, Head of IT at EDGE Vaping.
“Whilst it should be highlighted that the threat level of hackers using a vape pen to access personal files is low, one can instil good practices to maintain safety with electronic devices. Be sure to use trusted devices and software, and only buy vape pens from reputable sellers.”
Presumably, Williams includes his own company in that bracket…