e-Cigarette from China Infected Man’s Computer with Malware

a reply to: Klassified

yes, I actually work in the industry. I actually design stuff like this, so I think I have a valid leg that I stand on.
Many a time, the so-called IT-professional are clueless, and would blame anything for something that they cannot pin-point. You will laugh if I tell you how many times something that 'plugs into the computer' gets blamed for something else, even though the 'something that plugs into the computer' has no data-connections at all, just taps the 5V power from the USB connector.

what is more believable? An e-cig using USB-charging being used for some nefarous purpose, or just a clueless 'IT-expert' or manager that doesn't want to admit that he plugged in a USB-drive filled with porn and other malware. My bets are on the latter.

Of course I can design something like what is being portrayed, but why? what incentitive is in it for me?

a reply to: Hellhound604

You really got an ego ehh?

So just because you don't want to spy no one else will?

And you know for a fact the charger in this case only tapped the 5v? I know I wouldn't be able to tell from the outside it the 5v was the only connection it had. Wouldn't be nothing to have it connect to more then just the 5v.

a reply to: Hellhound604

yes, I actually work in the industry. I actually design stuff like this, so I think I have a valid leg that I stand on.

Awesome. Glad you chimed in.

Many a time, the so-called IT-professional are clueless, and would blame anything for something that they cannot pin-point.

True enough. Many of these guys are neither techs or programmers. They are networking specialists, and haven't a clue outside of their specialty.

You will laugh if I tell you how many times something that 'plugs into the computer' gets blamed for something else, even though the 'something that plugs into the computer' has no data-connections at all, just taps the 5V power from the USB connector.

Also true, though in some cases it may only appear not to have any data connections. Until it is checked out, and the opposite is found to be the case.

what is more believable? An e-cig using USB-charging being used for some nefarous purpose, or just a clueless 'IT-expert' or manager that doesn't want to admit that he plugged in a USB-drive filled with porn and other malware. My bets are on the latter.

I can't help it. This is funny as hell. I can't count the times I've run into situations similar to this. And they always think they can fool me into thinking they have no idea how they got infected. Normally, my bets would be on the latter as well, but I have seen infected peripherals in action. So I know this is an issue that will have to be addressed at some point.

Of course I can design something like what is being portrayed, but why? what incentive is in it for me?

Ah yes. Motive. Well, for anyone like the Chinese who would have a vested interest, the motive is clear enough I would think. Testing the waters.

originally posted by: MystikMushroom
The US Government uses Dell computers. Where are Dell computers made? Not in the USA.

I'm sure that there is some kind of screening that goes on with all hardware for the military and government, but it would be pretty darn hard to go over it all with a fine tooth comb.

All it would take is an innocuous little chip, placed anywhere hiding as an i/o chip or some other routine component and have it incorporate a timer...to activate the code in X time/weeks/months/years after installation.

Any security sweep looking for abnormal code or execution would never pick it up until it is activated, which is too late of course.

originally posted by: ckhk3
Never buy your vaping devices or liquid from China. Always buy usa made and do your research.

I'm curious what products you use that aren't made in China? Aside from the high-end gear everything is made in China, so it's a bit difficult to avoid. All of your popular gear like Aspire, Kanger, Joyetech, etc are all Chinese. Unless you use expensive, non-clone rebuildables and mods there isn't much non-chinese gear out there.

Chinese liquid (Dekang, Hangsen) is also made in a legitimate lab with clean room facilities, with their ingredients sourced from American companies (Dow chemical provides them PG, nicotine, etc) I've seen the labs myself, they are incredibly professional setups that make most US and European juice manufacturers look like moonshine operations.

That's not to say bad juice and bad gear can't come from China, most of it does. But that doesn't mean that Chinese stuff is inherently bad, as the vast majority of happy vapers are using Chinese gear (many of them not even knowing it)

originally posted by: AnuTyr
he probably bought it from Ebay. I imagine if a company produced infected ecigs it would be shut down pretty fast.

Im guessing the guy got it from alibaba or ebay or somewhere else online where some asian dude put the virus into the adapter then sold the e cig via auction. Now if this came from a company fresh from the box that would be a problem.

Considering all of this type of gear (lower-end stuff) is made in China, who would shut down the company? If the Chinese are actually involved in attempted spying via ecigs, they won't shut it down. If it's just the company owner doing his own thing, I doubt the Chinese government would care.

Even if the retailer is in the US, or the "manufacturer" seems to be in the US, it's still just Chinese gear with specialized branding, and I seriously doubt any US retailer checks their ecigs for virus. Just trying to point out that there is really no way to protect yourself from someone putting a virus in ecig gear, avoiding alibaba and ebay won't do any good.

As for the ability to put something malicious in an e-cig charger, it absolutely can happen. E-cig chargers are NOT just a straight-through 5v connection. The plug on a USB charger has all the same pins/connections as a regular USB, and inside the charger is a chip for regulating and monitoring battery voltage, this is the chip that would be used to store the malicious code.

Another thing, this appears to just be the actual charger causing the issue, but several newer e-cig devices actually have software updates that can be done. The chip inside the device itself is actually very complex and is more like a mini-computer, and considering it's software can be updated, it might not take much for someone to actually put some code in the e-cig itself which would infect a computer when you hook it up to update.

Personally I don't believe there is any conspiracy to put spyware on vape gear, because it's already incredibly easy to infect people with such things without spending money modifying consumer electronics and hoping they buy your product.

If anything I suspect this would be a TARGETED attack, in the sense that the man's ecig was used by someone watching this corporation as a way to get past security. The CEO is being watched, they see him using an e-cig (or even watch his online transactions to see he bought one) they follow him and replace his charger with an infected unit, maybe even intercept his package and replace it with their own.

Corporate spying is a huge deal, with a huge amount of effort and money put into it, so sneaking some code into a guy's electronic device makes more sense than a conspiracy at the source of the product itself.

This could also just be more anti-ecig propaganda, as the author is a complete dweeb with their obvious bias:

"Smoking will not only damage your health but also your computer"

Vaping is not smoking, so why are they talking about smoking?

"Despite the [fact the] idea could appear hilarious, many electronic cigarettes can be charged over USB using a special cable or by inserting one end of the cigarette directly into a USB port.”

No.

"Further investigation apparently revealed that it had stemmed from a $5 e-cigarette bought from the online auction site eBay."

Why is an executive at a large corporation buying incredibly cheap junk off eBay?

An anti-ecig hit piece seems just as likely to me. Evidently now reddit posts count as primary sources for internet news!

a reply to: James1982

I use the halo brand. Personally, I will only purchase American made.

originally posted by: DEFCONWhite
a reply to: Klassified

Good thing I plug mine into the wall.

I didn`t even know it was possible to recharge them with a computer.
all can say is, you deserve to get a virus f you recharge them with your computer, IT`A COMPUTER! NOT A CIGARETTE RECHARGER,YOU BONEHEAD!

Sounds like more propaganda to get them off the market to me. I've seen this article make it's way around Facebook and Reddit, and to be honest, I can't take this as credible considering the complete and total lack of any understanding of how they work.

USB chargers use power from the USB bus..

These chargers have no firmware.. They do not interact with
the operating System in anyway.

HOAX

originally posted by: ckhk3
a reply to: James1982

I use the halo brand. Personally, I will only purchase American made.

All halo e-cigs are made in china, the juice is USA made though. Those companies just contract a Chinese factory in Shenzhen to produce their gear with whatever brand you want on it. Unless it's high-end rebuildables and mods, it's made in China. The "triton tanks" for example are just re-branded/cloned Kanger tanks (looks like T2s but might be wrong) Their triton batteries are cloned eGo batteries, Their G6 line is just cloned Kanger KR808 batteries.

I'm not bashing their products, but they aren't American made or designed (other than possibly choosing color and accents)

a reply to: James1982

Good to know. I'll double check with Cinderella or Johnny blaze on that.

Anything that plugs into a USB port can be infected if it has chips in it.

I got a USB to serial adapter from Best Buy (insignia brand)that was infected with malware.

I believe the company knows it and ignores it as they make money repairing and replacing computers.

originally posted by: James1982

originally posted by: ckhk3
a reply to: James1982

I use the halo brand. Personally, I will only purchase American made.

All halo e-cigs are made in china, the juice is USA made though. Those companies just contract a Chinese factory in Shenzhen to produce their gear with whatever brand you want on it. Unless it's high-end rebuildables and mods, it's made in China. The "triton tanks" for example are just re-branded/cloned Kanger tanks (looks like T2s but might be wrong) Their triton batteries are cloned eGo batteries, Their G6 line is just cloned Kanger KR808 batteries.

I'm not bashing their products, but they aren't American made or designed (other than possibly choosing color and accents)

There's a lot of truth there. Most everything is Chinese made, except for a few select brands. Whether it be Kanger, Aspire, Innokin, Smoktech, Vision, it's all made in China. I don't use any of those particular brands, but there is only a couple of "authentic" pieces in my collection. Even some of the so called authentics are made in China.

I wouldn't worry about it too much. It is a simple charging circuit. Nothing more, nothing less. I would be more likely to blame a flash drive than a battery. One case of what sounds like an IT guy not knowing what he is doing and trying to pass the blame elsewhere is no reason to be concerned with this. Like I said in my previous comment, I would be more likely to believe it is propaganda to remove ecigs from the market, or a chance to put them under regulation, considering the FDA is already working on trying to. Of course, the FDA's excuse is that they must be getting marketed to children because not all of us adults want the taste of a burning plant.

originally posted by: ANNED
Anything that plugs into a USB port can be infected if it has chips in it.

I got a USB to serial adapter from Best Buy (insignia brand)that was infected with malware.

I believe the company knows it and ignores it as they make money repairing and replacing computers.

^^^
Nah. Not possible. It doesn't have any firmware. It's just a rewired adaptor. It's all a hoax.

originally posted by: Tardacus

originally posted by: DEFCONWhite
a reply to: Klassified

Good thing I plug mine into the wall.

I didn`t even know it was possible to recharge them with a computer.
all can say is, you deserve to get a virus f you recharge them with your computer, IT`A COMPUTER! NOT A CIGARETTE RECHARGER,YOU BONEHEAD!

My mom charges hers using her laptop when she's laying down reading at night.

a reply to: Klassified

Thats why nothing gets plugged into my machine. I never knew the details about this but I have suspected for years.

a reply to: Klassified

That's crazy! I literally just finished watching a piece about the top 10 flashlight apps on smartphones doing something similar. The top 10 flashlight apps have malware and trojans that send information back to CHina, Russia, and India. Now you're telling us about Chinese e-cig malware. Wow.

8vid.tv...