It turns out vaping may be bad for more than just your look.
With a few tweaks of the pen, a security researcher has demonstrated that vaporizers can be modified in such a way as to pass code to your computer.
The problem, as with many things security related, comes down to the USB port. Used for both charging and data transfer, the port is a convenient place to plug in phones or other devices that need a battery boost—devices like vape pens.
In a video demonstrating his work, the researcher, who goes by FourOctets, plugs an e-cigarette into a computer’s USB and the device immediately lights up as if to charge. A few seconds go by and the computer starts to react.
“DO U EVEN VAPE BRO!!!!!,” reads a message that pops up on the screen.
Essentially, the vaporizer issued a custom command to the computer, and the computer was all too happy to oblige.
Take this as the weirdest example yet that you should never plug random devices into your USB ports.
While FourOctets has no ill-intent, it is easy to imagine someone less scrupulous loading a computer with something not quite as funny. Like, say, a keylogger. Or ransomware.
So how did he make this happen? Thankfully for people worried about their e-cigs catching a virus, it required some hands-on work.
“It started as more of a joke than anything,” FourOctets elaborated over Twitter direct message (he declined to give his real name). “This is done with extra hardware and a little bit of code.”
As to the point of the demonstration, other than the fact that it is legitimately hilarious?
“Another goal usually when doing dumb stuff like this is that stuff is not always what it seems and that random stuff that can plug into a computer can be dangerous,” he explained. “A lot of folks aren’t aware that something like this is even possible whether it be with firmware or added hardware and a tiny bit of code found online.”
So should you be worried that your vape pen is delivering malicious code to your laptop?
“It’s probably pretty unlikely to ever get something like this from the factory that would do this,” FourOctets noted, “but the possibility is there and people need to be mindful of that.”
So, you know, something to maybe consider the next time you’re ripping that sweet cotton.