Japan has approved a plan to test the security of around 200 million Internet-of-Things (IoT) devices in the country in a bid to beef up their cyber-resilience, according to a report by Japan’s public broadcaster NHK World.
Armed with lists of default and commonly used passwords, employees of Japan’s National Institute of Information and Communications Technology (NICT) will attempt to log into randomly-selected smart gadgets. Routers and webcams in both home and business networks are set to be probed first, with this large-scale ‘penetration test’ due to begin in the middle of February.
The institute will then work with internet service providers (ISPs) and local authorities, so that they can notify the owners of unsecured devices and help them lock down their smart tech.
IoT devices are particularly low-hanging fruit for cybercriminals. Default, unchangeable and weak passwords, along with vulnerable embedded firmware and the absence of patches, are just some of the main problems that plague all sorts of internet-connected things.
Threats associated with vulnerable IoT devices were exemplified a few months ago, when malware known as VPNFilter compromised half a million routers, prompting the US Federal Bureau of Investigation (FBI) to advise people to reboot their routers. Of course, many will still remember the damage that a botnet made up of IoT tech caused in October 2016.
The law that paved the way for the large-scale ‘pentest’ was adopted back in November 2018 and covers a period of five years. Tokyo is hosting the Summer Olympics next year and, needless to say, major international events attract threat actors of various ilks. The institute said that IoT gadgets were targeted by 54 percent of cyberattacks that it detected in Japan in 2017.
Meanwhile, the ‘survey’, as the effort has been dubbed, has prompted privacy concerns. After all, the government’s ‘white hats’ may invade, however inadvertently, people’s private lives. On the other hand, it may ultimately encourage not only the Japanese public to look into and, wherever possible, beef up the security of their smart things before somebody can ‘test’ it for them, be it for good or ill.
The security of data gathered during the project is another source of worry at a time when data-related incidents are increasingly frequent. In this context, NICT researcher Daisuke Inoue sought to dispel the concerns by telling NHK World that the institute will make sure to prevent any data leaks.