In 2019, a Chinese woman, Yujing Zhang, entered President Trump’s Mar-a-Lago resort claiming she was there to use the swimming pool. Under further questioning, and given that she had not brought a bathing suit, Zhang then claimed she was there to attend a United Nations Chinese American Association event. No such event existed. Suspicion about her true intentions led to her arrest, where it was found that she was carrying two Chinese passports, a laptop, four phones and a USB drive.
Mar-a-Lago Rogue Device Based Attack
Following the discovery of the USB device, Secret Service agents tested it, only to find that, once plugged into a computer, it immediately began downloading files, indicating that the bad USB was infected with malware. This case illustrates two risk vectors: humans and infected peripheral devices.
Infected peripheral devices are those which act with malicious intent but are recognized by both the human eye and the host PC as genuine devices, and so raise no suspicion about their true purpose. As a result, these hacked devices are able to carry out their attacks while going undetected.
To the human eye, the device looks like a regular USB drive and, to the host PC, it is recognized as a fully functional HID keyboard. Rogue devices such as the RubberDucky can use keyboard emulation to run a covert-channel communication stack, and by creating an out-of-band connection over the device’s own wireless interface, an air gap can be bypassed. Spoofed peripherals draw very little current, which the host PC supplies, allowing attackers to sniff network packets and exfiltrate information remotely and out-of-band through the integrated WiFi functionality. The information that could have been obtained in this case could be extremely sensitive, since this is the resort belonging to the President of the United States, and he was visiting it at the time of the attempted hardware attack.
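The defensive counterpart to the spoofed-keyboard problem described above is to audit what is actually enumerated on the USB bus. The following is an added example, not Sepio’s code or anything from the incident: it parses a constructed sysfs-style inventory (port, idVendor:idProduct, interface class codes), flags HID devices outside a hypothetical allowlist of issued keyboards, and separately flags any HID device that also exposes a mass-storage, serial or wireless interface, the composite pattern a keyboard-plus-radio rogue device presents. Vendor/product IDs are spoofable, so the composite and first-seen checks matter more than the allowlist.

```python
import re
from dataclasses import dataclass

# USB interface class codes (USB-IF class code table).
HID, CDC, MASS_STORAGE, WIRELESS = 0x03, 0x02, 0x08, 0xE0
COMPANION_NAMES = {CDC: "serial (CDC)", MASS_STORAGE: "mass storage", WIRELESS: "wireless controller"}

# Hypothetical allowlist of keyboards the organisation has issued (VID:PID).
KNOWN_KEYBOARDS = {"046d:c31c", "04f2:0833"}

@dataclass
class UsbDevice:
    port: str
    vid_pid: str
    interface_classes: list

# Constructed inventory: "<port> <idVendor>:<idProduct> <class>[,<class>...]" per line.
SAMPLE_INVENTORY = """\
1-1 046d:c31c 03
1-2 0781:5583 08
1-3 1d50:6003 03,e0
1-4 abcd:1234 03,08
"""

def parse_inventory(text: str) -> list:
    """Parse inventory lines into UsbDevice records; malformed lines are skipped."""
    devices = []
    for line in text.splitlines():
        m = re.fullmatch(r"(\S+)\s+([0-9a-f]{4}:[0-9a-f]{4})\s+([0-9a-f,]+)", line.strip())
        if m:
            classes = [int(c, 16) for c in m.group(3).split(",")]
            devices.append(UsbDevice(m.group(1), m.group(2), classes))
    return devices

def assess(dev: UsbDevice) -> list:
    """Return findings for one device; an empty list means nothing to flag."""
    findings = []
    if HID in dev.interface_classes:
        if dev.vid_pid not in KNOWN_KEYBOARDS:
            findings.append("unapproved HID device (keyboard-emulation risk)")
        companions = sorted(COMPANION_NAMES[c] for c in set(dev.interface_classes) if c in COMPANION_NAMES)
        if companions:
            findings.append("HID combined with %s (composite covert-channel risk)" % ", ".join(companions))
    return findings

def audit(text: str) -> dict:
    """Map each flagged port to its findings, e.g. {'1-3': [...], '1-4': [...]} for the sample."""
    return {d.port: assess(d) for d in parse_inventory(text) if assess(d)}

if __name__ == "__main__":
    for port, findings in audit(SAMPLE_INVENTORY).items():
        print(port, "->", "; ".join(findings))
```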
Enhancing Cybersecurity with Sepio
The security breach at Mar-a-Lago in 2019 highlights the growing risk of rogue devices in high-profile locations. When Yujing Zhang entered the resort with malicious USB devices, it showed how easily seemingly innocuous hardware can bypass traditional security measures.
Rogue devices like the one used at Mar-a-Lago operate under the radar. These devices mimic legitimate peripherals such as USB drives or HID keyboards, fooling both human users and host systems into trusting them. Once connected, they can execute covert attacks, exfiltrate sensitive data, or even bypass air-gapped networks using wireless interfaces. These threats underscore the necessity of comprehensive asset visibility and risk mitigation.
Sepio’s patented hardware security technology provides unparalleled rogue device detection and mitigation. By enabling full asset visibility, Sepio helps organizations identify every connected device, including shadow IT and spoofed peripherals. This ensures that threats like bad USBs or rogue HIDs are detected and neutralized before they can cause harm.
Talk to a Cybersecurity Expert Today
Learn how Sepio’s platform can help secure high-risk environments like Mar-a-Lago from rogue device-based attacks. With Sepio, you gain control over your asset risks, ensuring robust protection against evolving threats.
Download the Mar-a-Lago Case Study (pdf)