MOSCOW, November 22 (Sputnik) – A post on the social news site Reddit recently alerted readers to the idea that electronic cigarettes can be used to infect a computer with malware while being charged from a computer’s USB port.
“One particular executive had a malware infection on his computer from which the source could not be determined,” the post read. “After all traditional means of infection were covered; IT started looking into other possibilities…the made in China e-cigarette had malware hard-coded into the charger and when plugged into a computer’s USB port, the malware phoned home and infected the system”.
While most of the comments to the post questioned its veracity, The Guardian quotes Rik Ferguson, a security consultant for global security software company Trend Micro, as suggesting that “the story is entirely plausible”.
“Production line malware has been around for a few years, infecting photo frames, MP3 players and more,” he is quoted as saying.
As an example, he cited a case where a photo frame produced by Samsung infected an installer disk with malware.
The Guardian also referred to a recent proof-of-concept attack called “BadUSB”, which involved reprogramming USB devices at the hardware level.
“Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming,” it quotes Berlin-based firm SRLabs, which released the code, as saying.
Combine the two, says Ferguson, “and a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorized devices.”