Stern Show staffer Scott "the Engineer" Salem needs to be careful the next time he plugs in his vape pen. Security researchers have uncovered how e-cigarettes and vape pens can be used by attackers to hack computers — even if it seems like they're just charging.
In one presentation at BSides in London, researcher Ross Bevington showed how a vape pen could be used to attack an unlocked computer by fooling it into thinking it was a keyboard or by interfering with its network traffic. He said similar attacks will even work on locked machines.
Another hacker and researcher, Fouroctets, published a proof-of-concept video that showed random commands being entered into his unlocked computer after he plugged in his vape pen to charge. For Sky News, he explained how he added a hardware chip to the vape pen, which allowed it to "talk" to the computer as if it was a keyboard or mouse. Upon plugging in and charging the vape, the chip made the Windows Notebook application open up and type, "Do you even vape bro!!!!"
Fouroctets said the script on the chip could have been designed to do something much more harmful. He explained that, in just under 20 lines of code, a computer can be commanded to download and run a potentially dangerous file. Fortunately, there is minimal space on an e-cigarette to hold this much code.
While this limits the impact of a potential vape pen attack, Bevington states, "Using something like an e-cigarette to download something larger from the Internet would be possible."