Maleware loaded into computer through usb charging

[WattWick]

Oh crap... thought this would be just a silly little story noone would notice... until I checked the daily news.

Dagbladet is one of the major newspapers in Norway. It's in Norwegian, of course. Just linking anyway.

E-sigaretter kan gi deg datavirus - nyheter - Dagbladet.no

Of course they get backing by an expert that essentially says "anything is possible". What else can he say?

 

[Kintrol]

I can verify that this is very true with a lot of the struggling e-cig companies. I myself being chinese and working directly with chinese manufactures in my last job with a big e-cig company understand that most of the clone companies have very wild ideas on how to get more business. One of them is definitely malware as designer at a manufacturer I used to work closely with suggested inserting programs into charging cables to help "track" vaping habits on multiple occasions.

I say, dont ever charge ecigs with your comp.

 

[Maiar]

1) I doubt if these companies we're struggling they could afford to load memory devices into their chargers and also pay to have programmers create spy or malware for them. And not just spyware, but good spyware that can actually bypass computer security and load stuff onto your machine without your computer at least informing you that a new device has been detected and asking you what to do with it. If you can afford to pull that off then you probably aren't struggling that much.

2)In this day and age, if you don't have robust computer security and are fond of plugging strange devices into your computer, then you've got bigger problems.

 

[dice57]

crap, so this probably means I ain't getting the free iPad, and I wasn't really selected to win 10k a week for life??? frak, come on, can't anyone trust anyone???

 

[Lessifer]

crap, so this probably means I ain't getting the free iPad, and I wasn't really selected to win 10k a week for life??? frak, come on, can't anyone trust anyone???

No, but I have been meaning to contact you. I was hired by your long lost uncle, the Nigerian Prince, who recently passed away. I can forward you your inheritance if you send me a money order for $1000 to cover the shipping costs.

 

[Nermal]

I doubt she needs another camel, Lessifer.

 

[dice57]

No, but I have been meaning to contact you. I was hired by your long lost uncle, the Nigerian Prince, who recently passed away. I can forward you your inheritance if you send me a money order for $1000 to cover the shipping costs.

hmm, lets see, heritage wise, am of Danish and German decent, with some English along the way No Nigerian Prince, but if you send a pic of the Nigerian Princes, will help with passport papers.

and come on now, everyone know's the 1k thing is a scam, the real deal one is where you send them photo copies of your ID, birth certificate, dna sample, and major credit cards. HA, I can spot a scam just by reading the email subject title.

I doubt she needs another camel, Lessifer.

Hey now, although I did smoke camels, the one Eyed Jedi equipment puts me in the definitely "not she" category. Or something like that.

 

[Lova]

There is a thread already going on with this same subject, which has been debunked as faulty/hoax multiple times:

http://www.e-cigarette-forum.com/forum/showthread.php?t=625339
E-cigs can cause Mal Ware thru USB port

 

[SthrnCelt]

There is a thread already going on with this same subject, which has been debunked as faulty/hoax multiple times:

E-cigs can cause Mal Ware thru USB port
E-cigs can cause Mal Ware thru USB port

Yeah but it's really fun to read this thread

 

[nyiddle]

I read that China has control of something like 11 million botnets (computers that are essentially zombies, can be used to remotely DDoS) within the US.

But really, I doubt you're getting loaded up with botnets from USB chargers. That's just too much effort. It's more likely you'll get botnetted from visiting -- oh, say.. -- Yahoo. Or, really, any other website on the Internet.

This is funny tho', I'll give it that.

This is basically a "Live DDoS Map".. Look at how many hits are coming from China/out of the US.

 

[AndriaD]

I think they're talking about the ego/cigalike chargers, the one that you screw the battery into. It is possible someone could put something in there, just highly unlikely as there isn't anything in there made to hold software that would interact with the computer, most don't have the data pins enabled, as there's no reason for them to be.

Yeah, I thought about this after I posted that about it being just a cable. Considering the size of modern thumb drives, it is theoretically possible, but like you, I just don't see the point -- those little chargers are less than a buck; putting a data source inside them would be cost-prohibitive, so I see no value. And as someone else pointed out, any PC connected to the internet is almost certainly protected from a wide variety of malware -- and with that protection "in the cloud," the user doesn't even have to exert him/her self to make sure it's updated regularly.

I think this is an ANTZ "urban legend."

Andria

 

[nyiddle]

Is maleware worse than.. femaleware?












It might be time to close this thread.

 

[AndriaD]

1) I doubt if these companies we're struggling they could afford to load memory devices into their chargers and also pay to have programmers create spy or malware for them. And not just spyware, but good spyware that can actually bypass computer security and load stuff onto your machine without your computer at least informing you that a new device has been detected and asking you what to do with it. If you can afford to pull that off then you probably aren't struggling that much.

My thoughts exactly! My computer sounds a tone if I plug my camera in, and it knows that camera very well. When I *do* plug in something it hasn't encountered before, it goes nuts with popups informing me that some kind of burglar is trying to break in.

2)In this day and age, if you don't have robust computer security and are fond of plugging strange devices into your computer, then you've got bigger problems.

Heh. No kidding! But people who would go without protection and plug strange new things in, are exactly the ones that scare story is aimed at.

Andria

 

[retired1]

Folks need to Google BadUSB. Getting infected without your knowledge via USB is possible.

 

[retired1]

Let me expand on this a bit.

USB devices are trusted by the computer. Security programs are designed not to interfere with USB devices. There are already USB devices on the market that allow me (with a bit of social engineering to get people to plug in a USB stick) to completely own your computer system. There are charging boxes designed specifically for the infecting of mobile devices. It's not that much of a stretch to include an instruction set inside an e-cigarette's circuitry that would allow it to infect a PC once it's plugged in to charge.

I expect more cases like this to pop up as more folks figure out how to modify/add instructions to existing USB boards that most folks take for granted.

Personally? I wouldn't use my computer to charge anything. It's that simple.

 

[d4gger]

First post. I'll comment that any usb device is perfectly capable of carrying code. It can cost a few pennies to include storage of a small amount of code. However, with any Windows os after xp sp2, the user has to choose to execute that code when delivered via usb, or have specified to execute all code.
Of course, using wall or car adapters quickly solves the issue and doesn't potentially strain a pc's usb power system.

 

[nyiddle]

I'm a bit confused. I can understand there being malware on a thumb drive, or something that's actually recognized by the PC. Most of these chargers just have tiny little DC converters, and there is no real "handshake" with the computer. ie: When you plug in your Ego charger, it's not like your computer recognizes the device. It doesn't say, "new device detected!" or try to install drivers or anything like that.

I could understand if the USB device was actually interfacing with the computer, then yes, it would be very easy (and almost likely) for there to be something malicious installed on it. I could very, VERY quickly make a USB thumbdrive that simply wipes your C drive, or a tiny file that installs some sort of "payload" (malware, spyware, etc.) from a server. I don't see how a USB charger could do this though, considering (as far as I know) it's not even really recognized as a device by the computer.

Gonna do some more research.

 

[retired1]

The charger is your PC. You don't plug a charger into your computer.

In essence, it's theoretically possible to design the e-cig to deliver the payload once it's plugged into your computer to charge it.

 

[Kevin littell]

Last time I plugged a dongle charger into my computer was somewhere in the early 2012 timeframe.....


So my knowledge of things current is old.


However, back in 2012 when the dongle was plugged in the computer did not recognize a device in the port....no data transfer possible.



So, if you happen to be curious or worried, bring up the "MY Computer" screen up on the display and plug in your dongle.


If it see's a device then this is actually possible....


If not, well need I say more?

 

[Kevin littell]

Is maleware worse than.. femaleware?

Well, Its much more stubborn...


Not nearly as pretty....


And its not nearly as smart as the femaleware but it will never admit it.