Suspect Chinese e-cigarette manufacturers are hardcoding USB charging units with malware. If an infected e-cigarette USB charger is used to connect with a computer, malware can be downloaded. This information is being supplied for your situational awareness.
- E-cigarettes were invented in 1963, but further developed in 2003.
- E-cigarettes are charged via USB connected chargers or directly into computers.
- USBs continue to be infected with malware through hardcoding within the manufacturing process.
Using a USB as a malware delivery system is not a new phenomenon, but illustrates how companies can be easily breached in a very innocuous way. If you have ever questioned the legitimacy of an $5.00 Ebay, made in China USB connected item, you should seriously think twice before purchasing and using it with your computer.
Publication Date: 28 November 2016
Handling Requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Chinese e-cigarette manufacturer(s)
Actor Type: Adversary capabilities have been assessed as Tier II
Potential Targets: Financial, business and retail sectors
Past Reporting: DOC-4214