With various electronic devices have been targeted for cybercriminal use, attention is being brought to the possibility of vape pens being hacked. As a device with storage capability, could a vape pen be altered to store harmful lines of code? We look at the possibilities of a vape being hacked into for malicious purposes, and how it could infiltrate your PC.
At Edgevape, we stay ahead of the technological advancements in vape devices and technology. Here, we use commentary from independent security researcher Ross Bevington to understand the possibility of your vape pen being hacked, and how to protect yourself from potential attacks.
Hidden hardware could prove harmful
Vapes are electronic, battery-powered devices that have storage capabilities, meaning that they can hold lines of code. Naturally, a vape fresh out of the box will not hold any malicious content, but the possibility of altering this information remains plausible.
In installing a hardware chip, a hacker modifies the vape device, granting it further capacity to store information - harmful or not. The vape would still be functional as an e-cigarette, but would now hide lines of code that could be written for harmful purposes.
The danger arises when a harmful device connects to yours. When a vape device runs out of battery, it needs to be charged, and many opt to plug theirs into their laptop or PC. If the computer into which it is plugged is unlocked - which is often the case - the vape pen theoretically has full authorisation, granting the malicious program entry to your computer system.
USBs are granted access by pretending to be a keyboard
Ross explains that to trick a computer: “Plugging in a USB device could potentially pretend to be a keyboard, even if it doesn’t look like one. As a hacker, once you’ve become a keyboard, you can type in anything, such as commands to download malware”.
The danger can be substantially reduced by being aware of the risks and minimising opportunities for a harmful device to be connected to yours. Few people would expect a vape pen to be altered for hacking purposes, or know that it is even possible to do so, so it is vital to approach any electronic device with a degree of caution - especially if you are planning to plug it into your computer.
Vape pens have limited scope for malicious intent
Delving into the possibilities of a vape pen being altered unearths positive limitations. Ross elaborates: “E-cigarettes are really constrained into both connectivity and storage, which limits their use in malicious scenarios”.
Furthermore, there is little scope for malware to be able to unlock computers - though it is not impossible. So, keeping your computer locked when plugging in a device would limit its access.
Moreover, risk can be further mitigated by sticking to a simpler device with reduced capacity for storage such as the EDGE GO.
How to protect yourself from USB malware attacks
There are a few ways to protect yourself from cyber-attacks from devices that plug into your computer. If you regularly use the USB slot, Ross advises that: “There are a number of devices you can buy which sit in front of the USB port and only enable a device to charge. Businesses can often use existing software to lock down a user’s workstation to only devices in an ‘allow’ list.”
The best way to defend your devices against potential malware is by being sure the device you’re plugging in is trustworthy - for example, not plugging in a USB you have found in the street, and being sure that a friend’s device is safe.
However, the risk of a vape device being maliciously altered is low. Ross notes that: “Realistically, you should worry more about running dodgy software and ensuring that your machine is up to date with the latest software updates.”
Furthermore, be sure to set a strong password for your computer, locking it when not in use. Additional steps such as investing in a monitoring system and anti-virus software from a reputable source will help you detect anything suspicious.
Hacking a vape device could improve its features
We at Edgevape also explored the possibility of altering vape pens for positive uses. As an electronic device with capacity for modification, Ross says: “It has untapped potential for being a more connected and useful, smart device”. We may see large developments in a vape pen’s ability in the years to come.
For the latest news, advice, and tips on vape devices, be sure to check out EDGE Hub.
With over 5 years within the vaping industry, Ian has amassed a wealth of knowledge that is unparalleled throughout the industry. His knowledge extends beyond e-liquids and devices, but covers safety and compliance as well as best practice and more to name but a few.