back to article E-cigarettes fingered as source of NASTY VIRUS

E-cigarettes have been fingered as the source of a new computer virus. "IT guy" Jrockilla told the Talesfromtechsupport forum that he suspects the malware was "hard coded" into the USB charger of his boss's electronic toker. In his post, he says: The executive’s system was patched up to date, had anti-virus and up-to-date …

  1. Heisenberg

    We need the hard evidence...

    If the hard evidence is not forthcoming then this is surely just another example of Vapo-ware...

    1. Crisp

      Re: We need the hard evidence...

      I agree. We've going to need more evidence if we're going to get to the butt of the problem.

      1. Khaptain Silver badge

        Re: We need the hard evidence...

        Their web filters are obviously not configured to deal with the dangers of secondhand smoking.

        1. Destroy All Monsters Silver badge

          Re: We need the hard evidence...

          The sysop really hit the puffers this time.

          1. AbelSoul
            Holmes

            Re: We need the hard evidence...

            Scottish readers doubt that's true.

      2. Mark 85

        Re: We need the hard evidence...

        Exactly. If we shout warnings from the rooftop we risk making an ash ourselves.

    2. Anonymous Coward
      Anonymous Coward

      Re: We need the hard evidence...

      Seconded. The evidence should be easy to obtain, but I bet we never hear about it again. Remember BadBIOS? Nothing ever came of that...

      1. kb
        Megaphone

        Re: We need the hard evidence...

        Everyone is making funnies but just remember there have been a rash of "ZOMFG ecigs burn babies!" style FUD articles in the past few months but when anybody asks for the actual data to back up the claim? Crickets.

        Cigarettes are a billion dollar business folks, not only for big tobacco but for big mommy government in the form of taxes, ecigs cut both out of the loop so be sure to ask for the data and follow the money.

        If you don't believe me feel free to look up the article by the Japanese researcher being pushed by the media just yesterday, he claimed ecigs have ten times the carcinogens of regular cigarettes, oh noes! When multiple groups asked what should have been simple questions like what brands were tested, whether he was talking premade cig carts or juice, what the power levels used were, what was used to measure the samples? Crickets.

        1. Robert Helpmann??
          Childcatcher

          Re: We need the hard evidence...

          ...for big mommy government in the form of taxes, ecigs cut both out of the loop...

          Just because they aren't taxed the same as tobacco products now is no reason to think that they cannot or will not be in the near future. Sam with electric cars and the gas tax (in the US). The electric version will be taxed, it's just a question of how much.

  2. Inventor of the Marmite Laser Silver badge

    Shouldn't there be

    some kind of filter?

    1. John Bailey

      Re: Shouldn't there be

      No.. Usually just a tube

  3. Shadow Systems

    Use a "USB Condom".

    It's a dongle that plugs into any USB port between the port & the device you want to plug in. The dongle connects ONLY the power leads from port to device, thus removing any data transfer capabilities. No data transfer means no infection means you can laugh in the face of that particular infection vector.

    1. joeW

      Re: Use a "USB Condom".

      Even that is often unnecessary; I'm looking at an e-cig USB charger right now, and it only has connectors for the power pins present on the connector, no data pins.

      1. Clamps Silver badge

        power only

        "I'm looking at an e-cig USB charger right now, and it only has connectors for the power"

        ok, great , is it ok everybody uses your charger then?

    2. Marcel
      Alert

      Re: Use a "USB Condom".

      Indeed, use a condom: http://syncstop.com/

      Stops computers being infected by malicious cigarettes. Stops your smart phone being infected by malicious chargers.

    3. Anonymous Coward
      Anonymous Coward

      Re: Use a "USB Condom".

      AKA a Google Chromecast USB lead...

    4. Dave Bell

      Re: Use a "USB Condom".

      I have a battery "power-pack" I picked up at Lidl in the summer. Built-in solar cell, as will as a mini-USB input for charging, What is maybe relevant for this is that the output is a standard 2-contact power connection with an adaptor to standard micro-USB. It could still send a virus to a computer that was charging it, but anything you use it to charge would be safe.

      It is possible to make your own "safe" lead, but I am not so confident with a soldering iron these days. The no-data leads are sometimes labelled as "fast charge".

  4. ObtuseMusings

    Expected

    This is entirely possible in essence but also most unlikely. Energizer also had a back door trojan issue in regards to one of their USB chargers a few years back but as long as you are somewhat vigilant with your security (as everyone should be) then it won't do much to you, if at all. The moral of the story though is that if you buy anything remotely iffy then nerver connect it to something that can 'dial' out. Use a plug socket if you are in doubt.

    1. Bloakey1

      Re: Expected

      It was not the actual charger that was the issue on this one, it was the software that ran it. I have one here in my box of "what the fsk was all that about" devices. Currently most of the stuff is lying under a raft of crappy failed Seagate drives along with some new ones that I will not use.

      Personally I do not believe that a ciggy charger can do any such thing particularily when he has anti virus protection.

      Perhaps a nice foil hat would be the best apparel for the guy stating this has happened..

  5. Irongut

    What a load of old virginia

    Oooh his anti virus was up to date so it must have been the fags. Yeah right.

    Why would an e-fag have anything other than power pins in the usb connection? I detect a lot of smoke, and probably a few mirrors. All designed to get the IT dept off the hook for whatever damage this breach has caused.

    More likely the guy caught a virus that was not detected by their corporate av, etc. These things aren't a magic bullet.

    1. Khaptain Silver badge

      Re: What a load of old virginia

      >Why would an e-fag have anything other than power pins in the usb connection

      Simply because they can or because one of the existing superpowers/badguys/Russian hackers will do anything to introduce Regin/Stuxnet or equivalants into any/all machines....

      Or maybe even Marlboro, Lucky Strike etc did it on order to present subliminal messages to the luser that cigarettes are good for you and ecigarettes are bad..

    2. Slacker@work

      Re: What a load of old virginia

      So if the sysadmin in question was soooo efficient at client side security how come the USB wasn't disabled to unknown devices or charging disabled in the BIOS??

      1. Matt Bryant Silver badge
        Facepalm

        Re: Slacker@work Re: What a load of old virginia

        "So if the sysadmin in question was soooo efficient at client side security how come the USB wasn't disabled to unknown devices or charging disabled in the BIOS??" You missed the bit about this being an executive's machine. Securing the systems for average lusers is easy and the worst you have to deal with is a bit of grumbling ("But I need my iTunes at work!"), but senior management have a daft habit of assuming the rules shouldn't be applied to them. Several years ago, when we glued plugs in the desktops of the average lusers, the execs (who ordered the measures) were amazed at the idea it should be applied to their desktops too.

    3. Dan 55 Silver badge

      Re: What a load of old virginia

      USB devices are supposed to negotiate the current they draw using the data lines before they draw it, but old phone chargers and things like USB fans don't do that, they just send/draw 500mA.

      Using negotiation with data lines hopefully manages to make a modern phone or tablet avoid drawing more than the charger sends or a USB port's fuse on a computer.

      "Hopefully" because the voltages on the data lines for higher currents aren't very standardised yet. If you were to use, say, a Samsung 2A charger for an iPhone or iPad then it might have a funny turn or it might just charge slowly at 500mA (I've not tested it).

      1. John Tserkezis

        Re: What a load of old virginia

        "USB devices are supposed to negotiate the current they draw"

        You're right, but there are "strings" attached to that requirement. Power draw, especially from USB2, can be highly non-standard.

        I've seen USB host designs that don't negotiate current, it's suppilied raw from the local 5v rail. (yep!)

        I have a new-ish USB hub that of its 7 ports, has 2 ports that do NOT negotiate current - they pump out up to an amp each without discussion.

        iThings are a little different - they're especially non-standard. To make sure the power supply can actually supply what the phone/tablet can ask for, there is a backward compatible kludge with resistive voltage dividers that the device monitors, and senses if it is indeed an Apple-qualified charger, and with what current capability. This way, the device can know what the charger can pump out, and do it cheaply so you don't need USB 'smarts'.

        Next step up is USB 3, where it can negotiate higher voltages to get more power to the device. In this case, smarts are always used, because accidently pumping 15v+ into a device designed for 5v is obviously catastrophic.

    4. This post has been deleted by its author

    5. Anonymous Coward
      Anonymous Coward

      Re: anti virus was up to date so it must have been the fags....

      I know you're upset but there's really no need for homophobia.

    6. Anonymous Coward
      Anonymous Coward

      Re: What a load of old virginia

      Maybe it was a freebie or a gift from a supplier/ vendor/ lobbyist or similar that was carrying a less than friendly payload?

      In my shop we ask staff to turn over all their freebies for security checking, since asking them to reject all such shiny gifts in the first place is considered too much to expect.

    7. GX5000

      Re: What a load of old virginia

      Most AV's disable USB auto run anyways...But I digress as someone has already mentioned e-cigs don't have the capability to transfer data.....at the moment.

  6. POSitality

    A matter of principle

    The E-cig charger moniker on this story is new but otherwise this is just the already known "subverted USB device" attack vector.

    "Oh, you went to charge this £30 landfill Android tablet and you found an Autorun virus on the flash storage? Shocking!"

    En principe, PC USB ports are not for charging! Get a mains-to-USB adapter pls :)

    1. chivo243 Silver badge
      Coat

      Re: A matter of principle

      I nominate you to tell that to the Director! I've been there recently, and wish I was a doctor giving bad him bad news, sometimes the director will listen to his doctor, but rarely his IT guy...

    2. John Brown (no body) Silver badge

      Re: A matter of principle

      "En principe, PC USB ports are not for charging!"

      So what are the red USB ports labelled "Charging" and are always powered unless switched off at the wall for?

  7. Anonymous Coward
    Anonymous Coward

    Let's sum it up

    Any of the zillions USB devices circulating out there could exploit that same flaw.

    There is not a single known case of an infected personal vaporizer.

    Yet some idiots manage to point their fingers specifically at PVs and the story gets miraculously repeated all over the press.

    Go figure.

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's sum it up

      Completely agree.

      Similar to a couple of months back when the "e-cig batteries can blow up when charging" story hit the news wires. Yes it is true insomuch that if you recharge ANY battery using a charger of the wrong voltage/amperage it's likely to pop.

      The more cynical might even suggest that this story has been planted by those who are loosing money hand over fist to the vap-sellers.... But of course the tobacco companies and/or government would never do anything underhand like that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Let's sum it up

        Tobacco or pharmaceutical companies, or governments, spreading FUD about vaping just because they're losing craploads of cash?

        Nah, don't even think about it, we'd have noticed yet. Oh wait...

        1. Mage Silver badge

          Re: Let's sum it up

          Except the eCig Vaping marketing is being done by Tobacco companies. These gadgets still have addictive nicotine. They allow the images of sexy smoking on posters & TV too.

          1. Anonymous Coward
            Anonymous Coward

            Re: Let's sum it up

            Mage, I don't know the state of the vaping market in your country, but here we have two kinds of devices: the widely used, rather efficient "eGo" devices and derivatives, which have no relationship whatsoever with tobacco companies, and the crappy "cigalikes" which are indeed produced by tobacco companies but nobody uses them since they are, well, crap (and they taste awful, in addition). Hence the FUD: if we can't have the market, let's try and kill it.

            As to "addictive nicotine", you might want to check actual science on that matter rather than relying on hearsay: consumed in isolation from the chemical cocktail that tobacco combustion (ie. cigarettes) produces, and specifically Monoamine Oxydase Inhibitors (a class of antidepressants created during sugar combustion), nicotine is about as addictive as caffeine which is a far cry from the addictive power of tobacco cigarettes.

            1. Androgynous Cupboard Silver badge

              Re: Let's sum it up

              I would be gobsmacked if the cigarette firms pushing these e-Cigs hadn't engineered them to be as addictive as possible. That's the point of them, isn't it? It's not like they don't have form here.

            2. Anonymous Coward
              Boffin

              Re: Let's sum it up

              ER - caffeine is highly addictive and acts on the central nervous system in a similar way to HEROIN.

              (Dont just downvote - go do some research, the NASA study is particularly effective at showing what caffeine does to the brain)

            3. Rob

              Re: Let's sum it up

              @AC You need to be careful talking about addiction, nicotine maybe in the same class as caffeine but that too can also be addictive. Addiction can come in more than one form, just because it isn't physically addictive doesn't mean it can't be psychologically.

      2. Rob

        Re: Let's sum it up

        Quite a lot of the main stream vaporisers and cartomisers are brands produced by the major tobacco firms anyway. At no point were they going to let the nicotine market out of their grasp. If they aren't selling it directly in their own product then they are probably supplying the tobacco leaves by the bundle to other companies for their vap liquids, either way they will adapt quickly to the new market which by the looks of it is heading for a boom.

    2. hplasm
      Happy

      Re: Let's sum it up

      Completely OT-

      A personal vaporizer. If no flying cars, then zap guns!

      If you can charge them via USB, even better!

    3. Michael Wojcik Silver badge

      Re: Let's sum it up

      My latest study proves (p<0.5) that e-cig "vapor" is actually mostly the concentrated souls of orphans.

      Preprint to appear on arxiv.org soon.

  8. Florida1920
    Holmes

    Elementary

    As usual, El Reg commentards have smoked out the truth.

    1. Dan 55 Silver badge
      Coat

      Re: Elementary

      Indeed. It was a puffer overflow.

  9. Anonymous Coward
    Anonymous Coward

    i don't want to drag on about this...

    ... but, could there be some kind of signals intelligence angle here?

    1. JimmyPage Silver badge
      Coat

      signals intelligence angle ?

      Smoke signals ?

  10. Omgwtfbbqtime
    Pirate

    Next week:

    USB Christmas Tree fingered in Stuxnet infection.

    1. bpfh

      Re: Next week:

      That sounds like the Dr Who Christmas Special, no?

      1. P. Lee
        Coat

        Re: Next week:

        >That sounds like the Dr Who Christmas Special, no?

        Now I have to move my desk so the Christmas tree isn't behind me!

        Icon: selfie of me and Pete... Pete? What happened to Pete?!

  11. CJ_in_AZ

    Smoke-free zone

    Yet another advantage of banning smoking in the workplace.

    I wonder, though, how this will tie into the states where "recreational use" of marijuana has been legalized...

  12. kb

    Doesn't have a thing to do with ecigs

    Unless you also blame Sandisk when a bug comes out on Flash? this is the fault of the USB consortium designing USB to automatically trust whatever the device tells it, this makes it trivial to put malware on pretty much anything USB.

    The solution? Point him to one of the several box mods that use a simple USB cord that just hooks to the battery, problem solved.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like