Malware, viruses, Trojans, ransomware – the possible threats to IT networks seem to be almost endless. And the way that networks can be penetrated is becoming harder to predict and protect against.
It was recently revealed that electric cigarettes could be used to hack into IT networks. With only small modifications, attackers can use the vape pen to compromise the devices they are connected to – even if it appears that they are simply charging. At a recent presentation, a security expert demonstrated how an e-cigarette was able to attack a computer by tricking it into believing that it was actually a keyboard. While this specific form of attack needed the computer to be unlocked, others such as ‘PoisonTap’ will also work on locked machines.
Another researcher/hacker (known as Fouroctets) recently published a video showing how vape pens could be modified by adding a hardware chip that allowed the pen device to communicate with a laptop. On starting up, windows opened up the Notepad on the laptop and typed out the message “Do you even vape bro!!!!” Whilst harmless in this instance, the script could easily be modified to do something malicious.
While it is perfectly possible for e-cigarettes to deliver malicious material to machines, they are limited by space, so this reduces how elaborate the malware could be.
According to recent reports, USB devices that can hack a locked computer in under a minute can be obtained for as little as £4.
Endpoint security is all the rage at the moment. Essentially, it means ensuring that devices such as laptops, mobile phones and tablets are only given access to the network when strict procedures are followed. This helps reduce the risk of the network being exposed to malware. If you are looking for advice about and help in dealing with cyberthreats or how to improve your organisation’s endpoint security, take a look at a website such as https://www.promisec.com/.
The best ways to protect against attacks such as these are to make sure your machine has up-to-date security patches, practise good password hygiene (use strong, regularly changed passwords), and make sure to lock your device when you have to leave it unguarded. And you should always be suspicious of people who want to plug external devices into your machines.