IoT

Are e-cigarettes the next hacking risk?

19th June 2017
Alice Matthews
0

While electronic cigarettes might be better for your personal health than normal cigarettes, latest research has found that your computer might not be so lucky. Giving a presentation at BSides London, security researcher & C++ software developer Ross Bevington showed how an e-cigarette could be used to attack a computer by fooling the computer to believe it was a keyboard or by tampering with its network traffic. While Bevington's particular form of attack required the victim's machine to be unlocked, that was not the case for all attacks.

Speaking to Sky News, Bevington said: "PoisonTap is a very similar style of attack that will even work on locked machines." 

Once safely connected to the PC, the e-cigarette could deliver just a few lines of code that would then kickstart the download process of a powerful virus.

Earlier on this year, another hacker and researcher known as FourOctets uploaded a video to Twitter which showed how an e-cigarette could be used to deliver just enough code to force a message to appear on the screen.

While this act is in itself relatively harmless, it does beg the question of what else could be loaded onto an e-cigarette. Fortunately there is usually very little space available on them to host this code. "This puts limitations on how elaborate a real attack could be made," said Bevington. "The WannaCry malware for instance was 4-5MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible."

Following this news, Cesare Garlarti, Chief Security Strategist at prpl Foundation made this comment: "The security of the Internet of Things is fundamentally broken. Developers and manufacturers understandably are eager to get their new hi-tech devices to market and unfortunately often overlook security. The e-cigarette example here is a prime example. The prpl Foundation advocates three focus areas to make IoT more secure: using open source, forging a root of trust in hardware and security by separation.

"Interoperable open standards are the key requirement if we’re to improve IoT security even in the smallest of connected devices – they will reduce that complexity by effectively outsourcing the trickiest security work to the subject matter experts."

Product Spotlight

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier