Vape Pens: source of USB attacks

If you have a vaping device, make sure it supports Verified/Secure/Trusted/etc Boot. 🙂

[…]Take this as the weirdest example yet that you should never plug random devices into your USB ports. […] While FourOctets has no ill-intent, it is easy to imagine someone less scrupulous loading a computer with something not quite as funny. Like, say, a keylogger. Or ransomware.[…]

A related presentation, as suggested from a poster in the above twitter thread:

Holy smokes, how to vape yourself to root
Ross Bevington
Abstract: We all know that smoking is bad for your health, but what about you or your organisations security? I’ll show you that an eCig isn’t just a glorified smoke machine but a low power, battery operated, exploitation platform. I’ll show you how easy it is to decrypt the firmware, write your own functionality and use this to pwn some systems. Turning your eCig into everything from a keyboard to a USB stick. On the way we’ll do a bit of reverse engineering, write a bit of code and show how you can do most of this on a shoe string budget. Looking for ways to defend against attacks like this? I have some options. Consider this talk if you want another reason to ban smoking at your organisation.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s