E-cigs and malware: real threat or Yellow Peril 2.0?


#1

[Permalink]


#2

Sure its possible. But then the simplest solution is just not to charge your ecig in your computer.


#3

just as my recently paroled son demonstrates on almost a daily basis, if you spend years around people who have made criminal conduct their vocation your trust of others is exceedingly minimal.


#4

The thing that comes to mind is: If e-cigs are only using USB for charging, why are the USB data lines connected at all?

There shouldn’t be any risk of malware because there’s no need to have anything connected that could be infected with malware :confused:


#5

#6

Regarding the idea of “yellow fever”: I find it is hard for most normal people to talk about China without sounding a bit racist. The name of the country is also used to describe both a race and a nationality with the presumption of homogeneity. Couple that with a sensationalized fear of an ascendant economy, and the fact that most people’s experience of Chinese culture is typically brokered by way of stereotypes and artistic shortcuts… Well, it makes it hard for people.


#7

Same applies for working in computer security.

Some charging chips use the data lines for negotiating with the charger; there are several possible standards.

Technically, you don’t need the data lines (unless you have a smarter charging chip). But if they are or aren’t connected depends on the manufacturer. You can also have aftermarket mod done on the device.

If you want to be standards-compliant, and want more current from the USB port, you have to ask, though. Then you need a chip that will negotiate with the port. That requires implementing the USB protocol.


#8

This comes down to “who’s telling the truth?” We’ve been so blown away by the Snowden NSA information that we can safely conclude that the NSA isn’t telling the truth.

As to whether e-cigs come with malware installed, that should be rather easy for an investigative tech reporting company to discover, by using malware sniffers on a large variety of e-cigs.


#9

I’ve never really cared about having my keyboard or mouse be USB. If I used the PS/2 purple and green ports for my input, could I tell my OS to disallow any USB keyboard input? (bonus if it flagged it and alerted me)

Alternatively, I’m wondering if there might be some sort of pass-through USB fob that could handshake with the OS that would basically say, "trust this device, no other)


#10

Also, never insert the tobacco kind. It really messes up the floppy drive.


#11

Yeah, right. Name one scientific study that shows tobacco is harmful to computers.


#12

Smoke can be pretty corrosive. Tobacco smoke contains formaldehyde and formic acid, see here, that can contribute to corrosion of exposed metals.

The other effects include deposition of particulates on surfaces, which, due to their sticky nature, hold dust and may impair cooling. Then there is the deposition of these within optical subsystems, e.g. CD drives, lowering the signal/noise ratio. Deposition on accessible contacts, in low current circuits, may also impair reliability of switches.

If you mean dry tobacco, that should behave mostly as an inert material, impairing at most mechanical subsystems it gets into (including connectors) and interfering with cooling if in the airflow path. It may also slightly increase risk of fire, like any other combustible material.

Did you mean this? :stuck_out_tongue:


#13

Cigarettes give computers viruses, books run out of space, and we talk TO our phones - not through them.

The future is weird.


#14

You almost certainly can, yes. The specifics would depend on your OS. In Windows, for instance, you can disable the USB controller in the device manager. In OS X, you would need to remove or rename /System/Library/Extensions/IOUSBMassStorageClass.kext

linux is a bit more involved, so here is a link for an Ubuntu example.

All that said, your best bet is disabling USB support at the BIOS level, which not all systems will support. That also prevents someone bypassing all the OS-based restrictions you might have implemented by the simple expedient of booting your machine from USB.


#15

Now we’re back to PSA’s and warning labels for (e)smokers.


#16

You can also put switches inline to the D+/D- lines, for manual enable/disable independent on the software.


#17

This particular exploit doesn’t scare me all that much-there are still USB devices I’m going to want to use, and I have some degree of faith in my physical security, I don’t let strangers near my cell phone or laptop. Please note, I don’t want to disable all USB devices, I only want to disable USB keyboards and mice. (There may well be other avenues for this exploit, besides pretending to be a keyboard, but I’ll burn that bridge when I get to it.)


#18

back in high school i used to work for a computer cleaning (preventative maintenance) and repair shop…remember when people used to clean and repair computers? you could always tell who heavily smoked cigarets indoors, the thick sticky yellow coating on the entire inside of the case and components was a dead giveaway.


#19

The obvious solution is to use a dedicated charger block, rather than your computer. It’ll charge faster too. Of course, people were talking about those having wifi sniffers and the like built in not too long ago…


#20

Sometimes I still do that. One has to keep the knowledge/skills current. And I hate not-repairing things.

Very familiar with this one! I’d call it “thin” but that’s a relative term.

On Linux you may be able to selectively disable the relevant kernel modules (rename/remove the files so they fail to load). Or if you are more hardcore, patch the kernel at the source level.