Devices at properties owned by the President of the United States — including Mar-a-Lago in Florida — can be easily hacked in minutes.
According to a bombshell new report by ProPublica and Gizmodo, there are multiple open Wi-Fi networks that don’t require passwords, printers without passwords, and servers equipped with outdated software that can all be easily hacked by anyone with basic equipment. At least four of Trump’s properties also have unencrypted login pages where hackers could feasibly break in and obtain sensitive back-end information.
“Without encryption, spies could eavesdrop on the network until a club employee logs in, and then steal his or her username and password,” wrote reporters Jeff Larson, Surya Mattu, and Julia Angwin. “They then could download a database that appears to include sensitive information on the club’s members and their families, according to videos posted by the club’s software provider.”
Cybersecurity experts quoted in the report said that the vulnerability of networks at Mar-a-Lago, along with other networks and devices at three other Trump-branded properties — the Trump International Hotel in Washington, DC, and two golf courses in Bedminster, New Jersey, and Sterling, Virginia — is a potential national security concern.
“Those networks all have to be crawling with foreign intruders, not just ProPublica,” Immunity, Inc CEO Dave Aitel told ProPublica, adding that the networks were likely beyond saving.
“Once you are at a low level of security it is hard to develop a secure network system. You basically have to start over,” he said.
“I’d assume the data is already stolen and systems compromised,” said SentinelOne chief of Security Strategy Jeremiah Grossman.”
[W]e visited the Trump International Hotel in Washington, D.C., where Trump often dines with his son-in-law and senior adviser Jared Kushner, whose responsibilities range from Middle East diplomacy to revamping the federal bureaucracy. We surveyed the networks from a Starbucks in the hotel basement.
From there, we could tell there were two Wi-Fi networks at the hotel protected with what’s known as a captive portal. These login screens are often used at airports and hotels to ensure that only paying customers can access the network.
However, we gained access to both networks just by typing “457” into the room number field. Because we provided a room number, the system assumed we were guests. We looked up the hotel’s public IP address before logging off.
From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago.