Speaking to Sky News, Bevington said: “PoisonTap is a very similar style of attack that will even work on locked machines.”
Once safely connected to the PC, the e-cigarette could deliver just a few lines of code that would then kickstart the download process of a powerful virus.
Earlier this year, another hacker and researcher known as FourOctets uploaded a video to Twitter showing how an e-cigarette could be used to deliver just enough code to force a message to appear on the screen.
While this act is in itself relatively harmless, it does raise the question of what else could be loaded onto an e-cigarette. Fortunately, there is usually very little space available on them to host this code. “This puts limitations on how elaborate a real attack could be made,” said Bevington. “The WannaCry malware for instance was 4-5MB, hundreds of times larger than the space on an e-cigarette. That being said, using something like an e-cigarette to download something larger from the Internet would be possible.”
Following this news, Cesare Garlati, Chief Security Strategist at the prpl Foundation, made this comment: “The security of the Internet of Things is fundamentally broken. Developers and manufacturers understandably are eager to get their new hi-tech devices to market and unfortunately often overlook security. The e-cigarette example here is a prime example. The prpl Foundation advocates three focus areas to make IoT more secure: using open source, forging a root of trust in hardware and security by separation.
“Interoperable open standards are the key requirement if we’re to improve IoT security even in the smallest of connected devices – they will reduce that complexity by effectively outsourcing the trickiest security work to the subject matter experts.”