Rogue Device Attack at Mar-A-Lago Resort


In 2019, a Chinese national, Yujing Zhang, entered President Trump’s Mar-a-Lago resort claiming she was there to use the swimming pool. When further questioning established that she had no bathing suit with her, Zhang said she was there to attend a United Nations Chinese American Association event; no such event existed. Suspicion about her true intentions led to her arrest, at which point she was found to be carrying two Chinese passports, a laptop, four phones and a USB drive.

Mar-a-Lago Rogue Device Based Attack

When Secret Service agents later tested the USB drive, it began loading files onto the test computer as soon as it was plugged in, which they took as a sign that the drive carried malware. The incident illustrates two attack vectors: the person who carries a device past physical security, and the malicious peripheral itself.

A malicious peripheral is one that looks, to the user, like an ordinary device and enumerates, to the host PC, as a legitimate device class, so nothing about it raises suspicion. It can therefore carry out its attack while going undetected.

To the human eye the device looks like an ordinary USB stick; to the host PC it enumerates as a fully functional HID keyboard, and operating systems accept a keyboard without a driver prompt or a user decision. Keystroke injectors such as the USB Rubber Ducky exploit this by typing pre-scripted commands into the host faster than any user could, and variants with an onboard wireless interface add a covert command-and-control channel. That out-of-band link lets an attacker reach a host on an air-gapped network, because the exfiltration path never touches the monitored network. A spoofed peripheral draws only a few milliamps, which the host’s USB port supplies, so it needs no external power; through the commands it injects it can capture network traffic on the host and ship the results out remotely over its own WiFi link. The information that could have been obtained in this case could be extremely sensitive: the resort belongs to the President of the United States, and he was visiting at the time of the attempted attack.


Sepio’s Hardware Access Control, HAC-1, provides 100% hardware device visibility. It enforces Hardware Access Control through rules based on each device’s characteristics, instantly detects any device that breaches those rules, and automatically blocks it to prevent a malicious attack.

The principle is verify, then trust: confirm that each asset is what it claims to be before granting it access.
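The rule-based screening described above can be illustrated with what USB enumeration actually exposes to a host: the vendor/product ID and the class and protocol of each interface. The following Python is an added example written for this page, not Sepio’s HAC-1 code; every device record, VID:PID and product string in it is constructed, and the three rules (keyboard not on the site allowlist, a "storage" device that also presents a keyboard interface, a second keyboard appearing on a host that already has one) are the author’s illustration of the kind of characteristic-based rule a hardware access control applies. A pure keystroke injector that enumerates only as a keyboard trips the first and third rules; a stick that combines storage with a keyboard interface trips all three.

```python
"""Rule-based screening of USB devices by their enumeration characteristics.

Added example, not Sepio's HAC-1 code. It applies constructed rules to what a
host can read during USB enumeration: vendor/product ID and the class and
protocol of each interface. All device records, IDs and product strings are
constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Interface class / protocol codes from the USB-IF class specifications
HID = 0x03                 # bInterfaceClass: Human Interface Device
MASS_STORAGE = 0x08        # bInterfaceClass: Mass Storage
HID_BOOT_KEYBOARD = 0x01   # bInterfaceProtocol: boot-protocol keyboard
MSC_BULK_ONLY = 0x50       # bInterfaceProtocol: Bulk-Only Transport


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    product: str                              # product string the device reports
    interfaces: Tuple[Tuple[int, int], ...]   # (bInterfaceClass, bInterfaceProtocol)

    def is_keyboard(self) -> bool:
        return any(c == HID and p == HID_BOOT_KEYBOARD for c, p in self.interfaces)

    def is_storage(self) -> bool:
        return any(c == MASS_STORAGE for c, _ in self.interfaces)

    def key(self) -> str:
        return f"{self.vid:04x}:{self.pid:04x}"


# Constructed site allowlist: VID:PID pairs of the keyboards issued to staff
KEYBOARD_ALLOWLIST = {(0x1234, 0x0001)}


def evaluate(dev: UsbDevice, connected: List[UsbDevice]) -> List[str]:
    """Return the names of the rules `dev` violates; an empty list means allow."""
    violations = []
    if dev.is_keyboard() and (dev.vid, dev.pid) not in KEYBOARD_ALLOWLIST:
        violations.append("keyboard_not_allowlisted")
    if dev.is_keyboard() and dev.is_storage():
        # A "thumb drive" that also types: the keystroke-injector profile.
        violations.append("storage_device_with_keyboard_interface")
    if dev.is_keyboard() and any(d.is_keyboard() for d in connected):
        # A second keyboard enumerating on a host that already has one.
        violations.append("second_keyboard_enumerated")
    return violations


def screen(plug_sequence: List[UsbDevice]) -> Dict[str, str]:
    """Apply the rules to devices in plug-in order and block offenders.

    Returns {"vid:pid": decision}, where decision is "allow" or
    "block:<rule,...>". A blocked device is never added to the connected set,
    mirroring a control that denies the device before it can act as a keyboard.
    """
    connected: List[UsbDevice] = []
    decisions: Dict[str, str] = {}
    for dev in plug_sequence:
        violations = evaluate(dev, connected)
        if violations:
            decisions[dev.key()] = "block:" + ",".join(violations)
        else:
            decisions[dev.key()] = "allow"
            connected.append(dev)
    return decisions


# Constructed devices for the demonstration
STAFF_KEYBOARD = UsbDevice(0x1234, 0x0001, "Issued Keyboard",
                           ((HID, HID_BOOT_KEYBOARD),))
PLAIN_THUMB_DRIVE = UsbDevice(0x1234, 0x0002, "Flash Drive",
                              ((MASS_STORAGE, MSC_BULK_ONLY),))
INJECTOR = UsbDevice(0xABCD, 0x0042, "Flash Drive",
                     ((MASS_STORAGE, MSC_BULK_ONLY), (HID, HID_BOOT_KEYBOARD)))

if __name__ == "__main__":
    for key, decision in screen([STAFF_KEYBOARD, PLAIN_THUMB_DRIVE, INJECTOR]).items():
        print(f"{key}  {decision}")
```

One caveat a practitioner would add: a VID:PID allowlist is a filter, not a guarantee, because a programmable injector can report the IDs of a legitimate keyboard. The interface-combination and second-keyboard rules do not depend on the reported IDs, which is why a control should evaluate several characteristics together rather than trusting any single one.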

By providing 100% hardware device visibility, Sepio’s HAC-1 supports zero trust adoption, including for MSSPs. With greater visibility, a zero-trust architecture can make access decisions with complete information, enhancing the enterprise’s protection both within and outside its traditional perimeter.

HAC-1 blocks rogue devices as soon as they are detected, stopping an attack at the first instance, before the device can even make a network access request.

HAC-1 is built to protect government agencies and the nation’s critical infrastructure. Embracing Zero Trust Hardware Access is key to preventing a security breach like the one attempted at Mar-a-Lago.
