Some e-cigarettes from China have malware hard-coded into the charger, providing cyber-criminals with an unusual but effective infection vector, according to online reports.
Reddit user ‘Jrockilla,’ who claims to be ‘an IT guy,’ posted a story last week about a data breach at a large enterprise.
The IT team apparently couldn’t work out the cause of a malware infection on an executive’s computer, given that the user had up-to-date anti-malware protection installed.
He continued:
“They finally asked the executive, ‘have there been any changes in your life recently?’. The executive answered, ‘well yes, I quit smoking two weeks ago and switched to e-cigarettes.’ And that was the answer they were looking for. The made-in-China e-cigarette had malware hard-coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.”
Phil Barnett, EMEA general manager at Good Technology, argued that the news should serve as a warning on the dangers of “a new generation of intelligent devices.”
“While laptops have increasingly sophisticated protection against malware attacks, mobile phones, tablets and wearable technologies do not yet. Malware can spread to these devices very quickly and cause risk to consumers and businesses alike,” he added.
“Any company that allows their data to be stored on a mobile device needs a security and risk management policy that takes into account the diverse and expanding number of sources of potential threats.”
While malware from China is nothing new, there have been allegations in the past that US-produced technology products may also be at risk.
A June 2010 report from the head of the NSA’s Access and Target Development department, cited earlier this year by Glenn Greenwald, claimed the spy agency either receives or intercepts servers, routers and other technology bound for international markets.
It then installs backdoors before repackaging and replacing the factory seal, according to the story.
Fears over such activity led China soon after to begin screening any IT products bound for government departments, although some have argued this is in fact just an excuse for Beijing to reduce US imports.