Donald Trump's first 100 days: His travel costs in detail IBT

Wireless networks at several properties linked to US President Donald Trump, including his Mar-a-Lago resort in Florida, have poor online security and are extremely vulnerable to hacking, an investigation has found.

According to a joint report by ProPublica and Gizmodo, the Wi-Fi networks at properties including Mar-a-Lago, Trump National Golf Club in New Jersey, Trump International Hotel in Washington DC, and Trump National Golf Club in Virginia were found with weak or absent security settings.

"Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information," the report said.

Hackers could potentially exploit these security vulnerabilities not only to snoop, but also to take control of connected devices and use them to record conversations between people at these properties.

Printers at these properties could also be hacked to capture any documents sent to the device or attempt to infiltrate the entire network.

"Those networks all have to be crawling with foreign intruders," security firm Immunity Inc, CEO Dave Aitel told the news organisations.

At Mar-a-Lago, reporters were able to pick up strong Wi-Fi signals from a boat 800 feet away. Three Wi-Fi networks were found using weak and outdated encryption methods that they said could be hacked "in minutes".

Major hotel chains and hospitality companies have been prone to cyberattacks in recent years, and such vulnerabilities pose serious national security concerns given that Trump regularly conducts presidential business and sensitive discussions at the "winter White House". He has already met Chinese President Xi Jinping and Japanese Prime Minister Shinzo Abe at his properties.

At the Trump National Golf Club in Bedminster, New Jersey, two open Wi-Fi networks were found for anyone to join without a password.

At the Trump International Hotel in Washington DC, where Trump often dines with his son-in-law and adviser Jared Kushner, the group was able to gain access to two Wi-Fi networks from a Starbucks in the hotel basement.

"We gained access to both networks just by typing '457' into the room number field," reporters said. "Because we provided a room number, the system assumed we were guests. We looked up the hotel's public IP address before logging off.

"From our desks in New York, we could also tell that the hotel is using a server that is accessible from the public internet. This server is running software that was released almost 13 years ago."

Mar-A-Lago
US President Donald Trump's Mar-a-Lago, among other properties, have reportedly been found with worryingly poor online security Jim Watson/AFP/Getty Images

The group also visited the Trump National Golf Club in Sterling, Virginia, where they found three encrypted wireless networks, an encrypted wireless phone as well as two printers with open Wi-Fi access.

The computers and networks at the White House and the military-run Camp David are run by the Defence Information Systems Agency. Last year, a whopping $64m was spent on maintaining these networks. Still, the White House admitted in April 2015 that Russians may have penetrated sensitive parts of its computer system, the report notes.

In comparison, Mar-a-Lago spent $442,931 on security in 2016. The Trump Organisation did not specify how much was spent on digital security.

Trump Organisation spokeswoman Amanda Miller said the properties follow "cybersecurity best practices".

"Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses," Miller said in a statement to the news organisations. "While we will not comment on specific security measures, we are confident in the steps we have taken to protect our business and safeguard our information.

"Our teams work diligently to deploy best in class firewall and anti-vulnerability platforms with constant 24/7 monitoring."