top

PLEASE VERIFY YOUR AGE BEFORE EXPLORING THE SITE.

By entering the site, you certify that you are over the age of 21, and you acknowledge you have read and understand the following California Proposition 65

Warning: This product contains nicotine, a chemical known to the state of California to cause birth defects or other reproductive harm.

E-cig device malware

Will Your Mod Give You Malware? The Myth Returns

In late 2014, a story from Reddit ended up plastered all over the internet, with reputable news sites warning vapers that you can get malware from your e-cigarette. The story was quickly dismantled by vapers, from the dubious source of the story – who didn’t have any details beyond the likely copied-and-pasted text – right through to the plausibility of the approach and whether or not it would even be worth it.

 

But in the world of vaping, no piece of potentially fear-inducing news can be left to die. Thanks to security researcher Ross Bevington and an anonymous hacker, the “your e-cig will give you malware” story is back for another round.

 

But although the story may have returned, it hasn’t got much more credible over the past few years. Here’s why you don’t have to worry about your mod giving you malware.

 

The Tales From Tech Support E-Cig Malware Scare

 

Before we get on to the new version of the story, we should recap what happened the first time around. In November 2014, a redditor who goes by Jrockilla posted a story to TalesFromTechSupport about an executive whose computer was infected with malware, but no clear source could be identified. After some investigation, it was supposedly found that the USB charger for his e-cig (which the stories always point out was Chinese-made) had malware hardcoded into it.

 

People in the comment thread pressed the poster for more information about the type of charger and other details, but he couldn’t answer the questions, at one point explaining “it is just a story.” In other words, there is no hard evidence that this even happened at all.  

 

James Dunworth at the Ashtray Blog looked at the story in detail, and spoke to e-cigarette and internet security experts, who acknowledged that it would be possible but stressed that it would be a lot of work for very little reward.

 

But when the media found out about it, the unverifiable and unlikely story quickly took on a life of its own and was spread across the internet regardless.

 

The Myth Returns: Proofs of the Concept, No Proof It’s Happening

 

Almost three years later, the myth has returned. Ross Bevington gave a talk at BSides London where he showed that an e-cigarette can be modified to either fool your computer into thinking it’s a keyboard or mess with your network traffic. While you can’t do this to a locked laptop, similar approaches don’t have that setback.

 

A more lighthearted addition to the story is another proof-of-concept type stunt from a researcher and hacker called FourOctets. He opened up a mod, added a chip and wrote a little bit of code so that computers would recognize it as a keyboard or a mouse. He originally did it as a joke, making it so that when the mod was plugged into a computer, it opened Notepad and wrote “DO U EVEN VAPE BRO!!!!!”

 

But of course it if someone really wanted to, they could use a similar approach to set up a mod to do something more dangerous when you plug it in, like download malicious programs.

 

Why You Shouldn’t Be Worried About Malware From Your Mod

 

As these stories show, it is possible that a mod could be used to tamper with your computer, but “possible” is a far cry from “actually happening.” Like the older story, there are many reasons that this type of attack just isn’t especially likely.

 

Nearly Three Years Later: Still No Real-World Examples

 

The biggest issue with the story is that there are still no examples of this actually happening in the real world. The TalesFromTechSupport story is the closest thing that we have, but this is an anonymous story posted to Reddit. That doesn’t mean that it’s not true, but it’s hardly a ringing endorsement that the story is the real deal.

 

We need to remember that this story was posted in November 2014. After over two and a half years, there isn’t a single verified example for the media to parade around. E-cigarettes have continued to gain popularity, so there are more potential targets than ever for a hacker. And the idea itself has been out on the internet, just waiting to be used, all this time. Either it really has happened but somehow nobody has heard anything about it (despite millions of vapers around the world), or the hackers just don’t really think it’s that good an idea.

 

Despite all this, we’re now seeing misleadingly-bold headlines like “Hackers Use E-Cigarettes To Transmit Malware” cropping up day by day.

 

How Much Code Can You Fit On a Mod?

 

One big problem acknowledged by the news stories is that there isn’t actually much storage space to work with on an e-cigarette. Ross Bevington, who gave the talk that spawned the recent stories, commented that:

 

This puts limitations on how elaborate a real attack could be made. The WannaCry malware for instance was 4-5MB, hundreds of times larger than the space on an e-cigarette.

 

Although he does stress that the e-cig could be set up to download a larger file that could do more harm to your computer.

 

John Hawes, the security expert the Ashtray Blog spoke to when the original story emerged, had similar reservations about how much you could really do with an e-cig or a charger:

 

From a technical point of view it’s not entirely impossible. Someone could feasibly (just about) doctor an adaptor (or battery in the case of those which just have a micro-USB socket on them) and pre-load it with malware, but given the size of most of them it would be quite a task, and the returns would be minimal.

 

The bottom line is that mods aren’t the best choice if you’re looking for a USB device to transmit a virus to somebody’s computer. If only there were other USB devices which could be exploited in the same way…

 

Malware Threats Don’t Just Come from Your Mod

 

Of course there are tons of USB devices that can be used in the same way, including ordinary USB thumb drives and your cell phone. Even digital picture frames have been involved in malware infections.

 

This all raises the question: why all the focus on e-cigarettes? Proof of concepts with USB thumb drives have gone a lot further than the e-cigarette example did, too. For example, one masquerades as an ordinary storage device, but actually emulates a keyboard and has a hidden drive containing a simple Linux operating system. If you restart your computer with this plugged in, it goes into your BIOS, boots up the operating system and infects your computer with a boot virus from there. Try doing all that with a modified iStick.

 

Most USB Charging Cables Are Immune From the Issue

 

Most of the time, any attempt to use a mod to transmit malware would be stopped by the charging cable itself. USB connections only have one pin each for power and ground, and two for data. In most cases there are only wires connected for the power and ground. Without the data wires, the cable simply can’t be used to transmit any information that could lead to your computer getting malware. When the Ashtray Blog cut open USB charging cables used for e-cigarettes, none of them had data cables even connected.

 

Of course this isn’t the case for every e-cigarette charger. In fact, if your mod has updatable firmware, there will be a data connection that could be exploited in the USB cable. However, this still would require somebody to actually modify the device you’re using. Again, the plausibility of this as an approach is questionable at best.

 

Would the Factory Infect Your Device?

 

If you were intent on spreading malware through a mod, rather than using a less expensive and labor-intensive method that would probably result in a bigger payoff, the best way to do it would be to hardcode the malware in at the factory.

 

This is completely possible, of course, but the question is why? The factory will either be owned by an e-cigarette company or will sell to them, and those products eventually go out to customers. Imagine the uproar if a new batch of mods from one specific company gave everybody who plugged it in a virus. Vapers would be furious and the company would undoubtedly lose custom for either being purposefully malicious or for being careless enough to let it happen. If the problem was traced back to the factory, then people there would stand to lose a lot more than they’d be likely to gain by infecting e-cigarettes.

 

I’m sure there are less reputable manufacturers out there who might not worry too much about upsetting their customers, but it’s obvious that any respectable company simply wouldn’t risk losing customers by shipping out virus-infected mods, especially with so little guarantee it would work.

 

Would a Friend Infect Your Computer?

 

So if the issue probably wouldn’t come from the factory that made the mod, it would be down to individuals like FourOctets to put the malicious code onto the e-cigarette manually. Again, this could definitely happen, and the new stories prove this.

 

But yet again it seems unlikely to work in reality. You probably wouldn’t have access to someone else’s mod for long enough to set something like this up. So it would realistically have to be your own device, which you then ask to charge using somebody else’s computer.

 

Maybe I’m unusual here, but the only people who would even ask to use the USB port on my computer are people I know pretty well. Perhaps if you were having a party and a friend of a friend or a gatecrasher asked to use the USB port on your computer, it would be possible, but the situation seems pretty unlikely.

 

If you’re like most people and don’t just let random strangers plug things into your computer’s USB port, there aren’t many ways this could even come up. And almost all of them involve you having some seriously bad friends.

 

Why Would Anybody Try to Spread Malware Through Mods?

 

By far the biggest issue is why anybody would try to spread a virus in such an inefficient way. When you could easily reach millions of potential victims by email, would you really spend all the time getting a trimmed-down version of a virus into a mod and hoping everything works out as you planned? And if you really wanted to use a USB device – for whatever reason – why would you choose an e-cigarette rather than something more widely-used and fit for the purpose?

 

The Very Simple Solution to Malware Infected Mods

 

If you needed any more reason to be unconcerned about this whole story, it’s actually incredibly easy to avoid malware infections from your mod. All you have to do is charge your mod using a wall socket instead of your computer. Then even if there was a virus coded into your mod (which there almost certainly isn’t) it would accomplish nothing whatsoever. If someone you don’t know asks to charge something over USB, give them a USB wall adapter to use instead of your laptop.

 

The “E-Cigarettes Give You Malware” Myth Needs to Die

 

So putting all of this together, it’s clear that there is next to no risk of your e-cigarette being used to infect your computer with malware. It’s taken almost three years to go from unverified online anecdote to some less-than-impressive proofs of concept, and in all of this time there have been no reports at all of anything like this actually happening. And even if it was an issue, avoiding the risk entirely is laughably simple.

 

The idea that your mod will give you malware might get a lot of traction in the news, but it’s not much of a surprise we’re yet to see verified examples of this happening in the real world.  

Lee Johnson

Lee Johnson

Writer at Black Note
Lee is a writer and vaper from the UK. He quit smoking (without intending to) when he started vaping in 2012, and now writes for EcigaretteReviewed and E-Cigarette Direct's Ashtray Blog. He's always searching for a new all-day vape, loves rebuilding and is passionate about providing smokers with accurate information about the harm reduction potential of vaping. He drinks too much tea.
Lee Johnson

NEVER MISS A BEAT: Join OUR COMMUNITY

NEVER MISS A BEAT: Join Our Tribe

What is E-Juice?

E-juice, also known as e-liquid or vaping liquid, is the liquid that’s placed in the vaping device and subsequently atomized into vapor. When you go to buy e-juice, you’ll notice it contains a mix of several ingredients. These typically include vegetable glycerin (VG), propylene glycol (PG), some type of flavoring, and nicotine.

VG and PG form the base of the e-liquid. VG is a component used in food and personal care products; its role in e-liquid is to create a thick, dense vapor. PG is another popular solvent used in a variety of everyday items. It carries the e-liquid flavor, provides the “throat hit,” and enhances the vaping liquid’s ability to soak into wicks or cartomizer materials.

Nicotine is an optional ingredient, often available in different levels. E-juice also contains some type of flavoring.

Black Note leads the pack of tobacco vaping liquid by using only natural flavoring – extract from real tobacco leaves to produce real tobacco taste. When you go to buy e-juice from other companies, you may find any number of chemicals used to create synthetic flavors that include fake strawberry, manufactured vanilla, and even man-made tobacco flavors.

If your aim when you buy e-liquid is to experience the subtle nuances, genuine flair and authentic taste of real tobacco, then you’ll be on the mark if you buy e-juice from the Black Note lineup.

Best E-Juice

When you’re going to buy e-liquid, it’s only natural you’ll want the best e-liquid. But what, exactly, does it “best e-juice” mean? We’ll tell you.

For starters, you’ll want an e-juice that doesn’t contain all kinds of strange chemicals and concoctions that you can’t even pronounce. True, even the best e-liquid will contain vegetable glycerin (VG) and proplene glycol (PG), which serve as the base of e-juice, but you don’t necessarily need a host of other chemical compounds.

The best e-juice will stick to natural ingredients, like real tobacco extract, rather than rely on synthetic flavorings, colorings and other additives. Diacetyl is one of those synthetic ingredients that has gotten a pretty bad rap, although its use is not all that uncommon for producing sweet e juice flavors.

Definitely read the ingredient list before you buy e-juice to ensure you recognize what’s on it. Better yet, see if the e-juice company offers a lab report to confirm what’s actually inside the e-liquid.

In addition to having as few chemical ingredients as possible, the best e-juice will have an amazing taste. For those who enjoy authenticity over imitation, the most amazing taste is the most natural taste, especially when it comes to tobacco. Since Black Note uses real extract from tobacco leaves, we not only avoid all those weird chemical flavorings, but we also produce the most authentic experience: tobacco vaping liquid that actually tastes like tobacco.

Best E-Liquid on the Market

Anyone looking for the best e-liquid on the market need look no further than Black Note. Black Note tobacco vaping liquid ranks as the best e-juice across the board in every category, starting with the taste.

Black Note’s main claim to fame is producing a tobacco vaping liquid that actually tastes like real tobacco. That because we use real tobacco extract, not chemicals, to create the best e-juice tobacco flavor. Using extract from real tobacco leaves retains tobacco’s nuances and flavor notes, giving you the most authentic and multi-faceted tobacco experience.

In addition to being the best e-juice for tobacco taste, Black Note also has the best e-liquid manufacturing process. We spent years researching and testing various production methods, and finally landed on one that we believe is absolutely perfect.

It starts with growing carefully selected tobacco seeds, followed by an equally precise of steps that include an extensive natural extraction process. Even our bottling and packaging is done with the utmost care, using recycled and recyclable packaging materials to ensure our products are as earth-friendly as they are vapor-friendly.

One more category where Black Note ranks as the best e-liquid is with the value. Every order comes with free domestic shipping, one-to-three day domestic shipping guarantee, and a 90-day, money-back satisfaction guarantee. If you’re not happy for any reason, or don’t agree we’re the best e-juice on the market, send it back on us and we’ll refund your money.

Vape Juice Ingredients

Vape juice ingredients can be pretty straightforward – or not. At the very least, most vape juice contains propylene glycol (PG), vegetable glycerin (VG), and some type of flavoring. Nicotine has largely become an optional ingredient that can be included at varying levels or left out altogether.

Vegetable glycerin (VG) and propylene glycol (PG) are usually the two main ingredients that make up the base of most vape juice.

VG is a plant-based substance with the ability to produce a dense, thick vapor. PG is an additive found in many food items and certain medicines. It carries the flavoring, provides the “throat hit” and enhances the vape juice’s ability to soak into the wicking materials.

Nicotine levels can vary, as can ingredients that make up the flavorings. The components that make up vape juice flavoring are where ingredients can get rather complicated.

Vape juice that relies on artificial flavorings can contain any number of extraneous chemicals and other additives, whatever it takes to recreate the flavor the ecig juice is going for.

Black Note uses only natural flavorings: extract from real tobacco leaves. That keeps our ingredient list incredibly simple, backed by a lab report to prove it. You won’t find any strange chemical concoctions used to produce our tobacco flavor, just real tobacco extract that delivers a real tobacco experience.

What is the Best Flavor for Ecig Juice?

From strawberry shortcake to banana rum, ecig juice comes in tons of flavors. While folks can debate and discuss all the fruity, sweet or food-like flavors all day long, the best flavor for e-cig liquid is straight-up tobacco.

Why? Vaping was originally created as an alternative for traditional cigarettes, mainly for those who enjoy the taste of tobacco. And when you can find an e-cig liquid that is able to recreate tobacco’s full-bodied yet delicate flavor notes and nuances, but without the harmful chemicals found in cigarettes, then you’ve found the best ecig juice.

Recreating tobacco’s complex flavor isn’t easy, especially when it’s attempted with artificial ingredients. That’s why Black Note sticks to the real thing, extracting the essence of real tobacco leaves to flavor our vaping liquid. Not only does this avoid the harmful chemicals in cigarettes, but it also eliminates the flavoring chemicals found in many ecig juices. The end result is real tobacco taste, an authentic tobacco experience and the best flavor for ecig juice you can find.

Notice also we said the best e-cig flavor was straight-up tobacco, not plain old tobacco. Black Note’s real tobacco vaping liquid happens to come in a variety of different blends, from the light and airy to the peppery and robust. Not all tobacco is created equal, and different blends capture the specialized subtleties that make each tobacco unique.

Best Sweet Tobacco E-Juice

When it comes to sweet tobacco e-juice, your options can be broken down into two categories.

The first category contains tobacco e-juice that overlays the tobacco flavor with artificial chocolate, caramel, vanilla, fruity or other dessert-like flavorings. We wouldn’t classify any such flavors as the best tobacco e liquid, simply because they typically use chemicals and other artificial ingredients to create the tobacco taste, the sweet taste, or both.

The second category of sweet tobacco e-juice is where you’ll find the best tobacco e-liquid, sweet or otherwise. This category contains vaping liquid created using only natural flavorings, which is exactly where Black Note fits in. Instead of concocting flavors using synthetic ingredients, Black Note uses an extensive extraction process that slowly and deliberately extracts the tobacco essence from real tobacco leaves.

The result is the best tobacco e-juice: tobacco vaping liquid that actually tastes like real tobacco. And if you’re going for the best sweet tobacco e liquid, we have a few tobacco blends that offer varying levels of sweetness.

Prelude is our sweetest tobacco e-liquid, containing golden Virginia tobacco. Made from fire-cured dark Virginia tobacco, Sonata is our Cavendish blend with a mildly sweet and nutty flavor. Solo is our menthol blend, giving you a semi-sweet minty taste created from natural menthol crystals extract from dried mint leaves.

For the best tobacco e-liquid that’s naturally sweet and remarkably delicious, Black Note is at your service.

WARNING: Black Note products are not smoking cessation products and have not been tested as such. Black Note products are intended for use by adults of legal smoking age (21 or older in California), and not by children or women who are pregnant or breastfeeding. Black Note products contain nicotine, a chemical known to the State of California to cause birth defects or other reproductive harm. Ingestion of the non-vaporized concentrated ingredients can be poisonous. Keep out of reach of children and pets. For immediate advice, contact poison control center: (800) 222-1222