The Most Hacked President

The current US President is a beginner’s class in hacking. Let’s rewind back to the end of January.

Lost amid the swirling insanity of the Trump administration’s first week, are the reports of the President’s continued insistence on using his Android phone (a Galaxy S3 or perhaps S4). This is, to put it bluntly, asking for a disaster. President Trump’s continued use of a dangerously insecure, out-of-date Android device should cause real panic. And in a normal White House, it would.

A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world. The best available Android OS on this phone (4.4) is a woefully out-of-date and unsupported. The S4, running 5.0.1, is only marginally better. Without exaggerating, hacking a Galaxy S3 or S4 is the type of project I would assign as homework for my advanced undergraduate classes.

I know, that one’s a bit old, but it nicely bookends more recent reporting.

We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just [Gizmodo and] ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Worried that your Pringles can will rat you out? Not to worry, planting a pineapple is easy-peasy.

At the White House, visitors must undergo a rigorous background screening before they’re let in the door. Agents scan every visitor’s full name, birth date, Social Security number, city of residence and country of birth.

But at Mar-a-Lago, gaining entry doesn’t require that degree of disclosure. Guests entering the club go through multiple security checkpoints staffed by the Secret Service looking for weapons or other immediate threats. But there’s only one requirement to produce a photo ID, and the club itself does not ask guests to provide their names or other information when they enter through the main wrought-iron gated door.

The club also serves as a venue for ticketed public events. Hosts for the slate of political and charity dinners booked at the president’s part-time home from now to the end of the club’s season in May told POLITICO the only request for information about attendees has come from the club itself. And all they’re asked to provide is a name, not additional information that can be used for Secret Service background checks in the event the president is in residence.

I’m a bit shocked no-one has tried blackmailing Trump yet. Maybe there are too many people jockeying for that honor? The WiFi networks probably look like a Spy vs. Spy comic by now.