E-Cigarettes Infecting Computers with Malware? The Latest Scare Story
By Lindsay Fox Posted December 3, 2014
If you believe the news, e-cigarettes are explosion-prone fire-starters filled with liquid poison that are pretty much designed to kill your kids by addicting them to tobacco. Seasoned vapers (or, more broadly, people who think about claims they read in regurgitated press releases) have learned to take such stories with a pinch of salt. OK, a humongous mountain of salt. In reality, fires and explosions are incredibly rare (and possible with any lithium-ion based device) and the gateway hypothesis is full-on bunk. But the scare-stories keep coming, and the newest thinly-veiled attempt to stoke fear of e-cigarettes is a curious one: e-cigarettes can infect your computer with malware.
E-Cigarettes and Malware – The Story
The report is based on a Reddit post. The poster is from a large corporation, and tells the story of an executive with a problematic infection on his computer. He had up-to-date anti-virus and anti-malware protection, and his web logs were investigated for a potential source of the infection, all to no avail. In the end, they asked if anything had changed in his life recently, and he said he’d been vaping for a couple of weeks. It turns out that the USB charger for his Chinese-made e-cig had malware hard-coded into it. His e-cig had infected his computer with malware, like some kind of digitized STD.
This type of thing has been happening for several years now, with devices such as MP3 players, GPS devices and digital photo frames. There is also a proof-of-concept approach called BadUSB, which involves reprogramming USB devices (like ordinary removable storage drives) to infect computers. The fact that anti-malware scanners can’t access the firmware on USB drives makes it harder to detect, and according to SRLabs (the group behind BadUSB) even re-installing your operating system may not help, since it doesn’t address the problem at its root. There’s a full talk from them about BadUSB on YouTube, if you’re interested.
So, Am I Going to Get Malware if I Charge My E-Cig?
In short, probably not. News outlets have jumped on this incident, but it’s important to remember that it’s just one report. Of course, it will have undoubtedly happened to others (unless that particular company has only sold one infected device), however, the fact that e-cig USB chargers have been becoming increasingly widespread since 2008 but this is the first report of such an incident shows that it’s very rare indeed.
And you can rest assured that reputable manufacturers will not be infecting their USB chargers, unless they want to commit financial suicide by driving all of their business away. Dave Goss from London’s Vape Emporium commented to UK newspaper the Guardian that choosing respected manufacturers like Innokin, Aspire and KangerTech is a virtually sure-fire way to avoid any problems. Many products also have authenticity-checks in place, where you can scratch away a section of the packaging to reveal a unique code that can be checked on official websites.
In addition, he points out that any device with a USB charger is at risk for such infections. Of course, there’s no surprise that e-cigarettes are the media’s favored target for stories like this – they also do things like call e-cigs a fire hazard without so much as a reference to the much bigger fire hazard from cigarettes. There is an inherent desire to paint e-cigarettes as a unique risk in various ways, despite the fact that the risks are in no way unique to them. You’re just as likely to pick up malware from a cheaply bought MP3-player charger as you are from an e-cig charger, but nobody is interested in creating mistrust of MP3 players.
And there are potential solutions, in any case. One example (pointed out by a commenter on the original Reddit thread) is the USB condom, which allows the power supply to run through but cuts off the data pins to prevent any malicious attacks.
Smoking-Related Diseases: Biological “Malware”
With e-cigs, every single risk must be placed into context. If vaping didn’t exist, those currently inhaling vapor would probably be doing the same thing with smoke. Of course, cigarettes have no electronic components and therefore have no comparable risk to your computer. However, if you think of your body’s “programming” (i.e. your genes) then the “malware” smoking infects you with is insidious and deadly. By damaging or altering your DNA, as everybody knows, smoking causes cancer. In comparison, the levels of carcinogenic compounds in e-cig vapor are absolutely miniscule, and it’s widely expected that even long-term vapers won’t develop cancer or the whole host of other smoking-related diseases.
So for many smokers, the choice is one between a miniscule chance of a computer infection (if you buy from an untrustworthy manufacturer) and a very real possibility of developing cancer or any one of a multitude of diseases. While I can’t speak for everyone, I for one would prefer a corrupted computer to a cancer-ridden body.
Yes, just like any USB device, e-cigarette chargers can be used as a Trojan horse for computer infections, but this is far from a reason to worry when the risks are placed into context. Being a sensible consumer helps you go a long way to removing the risk altogether, but even in the worst case scenario, anybody in their right mind would be much happier with a computer virus than malicious coding in your DNA. The scare-stories dissolve into meaninglessness when viewed objectively in comparison to the alternative.