Your questions, answered by Cybernews - Can your vape be hacked?

The increasing sophistication of vaping devices, now equipped with screens, Bluetooth connectivity, and applications, presents an emerging cybersecurity concern, according to the Cybernews research team. What began as simple nicotine dispensers are evolving into “smart” gadgets, and as with any internet-connected device, they become potential tools for cyberattacks. Researchers indicate that many disposable vapes blur the line between basic electronics and microcomputers, with some models capable of being used similarly to Raspberry Pis for simple automation or hosting basic applications, underscoring their inherent computational capabilities.

A significant threat vector identified involves social engineering, where a modified vape could function as a USB Rubber-Ducky device. This allows for the delivery of malicious payloads. The scenario described by researchers involves asking someone to charge a compromised vape from their phone or computer, thereby executing the hidden malicious code. This highlights a tangible risk where everyday interactions, like lending a charger, could be leveraged for surreptitious compromise of devices by seemingly innocuous objects.

Beyond direct payload delivery, vapes could be repurposed as covert computing devices for reconnaissance. With sufficient modification, these devices could be fitted with additional sensors or communication modules, such as external Wi-Fi or Bluetooth chips. This transformation could turn a vape into a pocket-sized scanning tool capable of wardriving—passively mapping and indexing nearby Wi-Fi networks including their names, signal strength, and security settings. Similarly, added Bluetooth hardware could automate the detection of vulnerable nearby devices, posing a discreet threat for physical penetration testing or surveillance.

While the potential for such exploits exists, the Cybernews team stresses that these scenarios require significant technical skill and customization, involving expertise in reverse engineering and hardware hacking. They note that many of these advanced attack methods could be executed more easily with other hardware. However, the demonstrated capabilities by electronics hobbyists, such as repurposing a vape’s microcontroller to act as a fully functioning web server or streaming classic games on its tiny display, serve as concrete proof of the computational power and modifiability inherent in these devices, warranting attention from security professionals.

To read the complete article see: Can your vape be hacked?