Japan law will allow government to hack civilian IoT devices

Justification lies in concerns around the security of the infrastructure for next year's Olympic Games

Tokyo street

Japan approved a new amendment to a law on Friday which would allow government workers to hack civilians' personal technology as part of a vast survey of the country's insecure IoT devices.

The survey is being initiated as part of a plan to prevent a major cyber attack from crippling the infrastructure that will support the Tokyo Olympic Games in 2020, stemming from insecure IoT devices.

The concerns aren't without merit, sporting events are fast-becoming prime targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was hit by a cyber attack during the opening ceremony.

The Olympic Destroyer malware was deployed by Russian-linked threat actors in what is believed to be a response to the banning of Russian athletes caught doping before Rio 2016. Shortly before the ceremony, the event's website was downed which saw users unable to buy tickets or access information. Normal service was resumed 12 hours later.

Advertisement
Advertisement - Article continues below

The state-sponsored hacking initiative will begin next month with a trial of 200 million devices, just webcams and modems to start with. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.

The NCIT employees will be allowed to use default passwords and password dictionaries to break into devices. When they discover a particularly vulnerable device, a report will be sent to authorities and ISPs which will then prompt the device's owners to secure it.

"This is a very interesting response to the growing IoT cyber security problem, and it is about time a government stepped in with something other than a regulatory approach or voluntary standards scheme, said Ian Thornton-Trump, international head of security at AmTrust. "It is not without a North American precedent. Companies and law enforcement have used the US legal system to take down domains and systems that have been used in cyber-attacks of a criminal nature, including botnets. This is the first instance of applying that same philosophy proactively to IoT infrastructure.

"I can see how privacy advocates would see this as very intrusive; on the other hand, if your device is vulnerable or acting as part of a botnet and you don't have the resources to detect the activity, or even fix it -- who else is going to?

"Overall, the Japanese government action on IoT may bring to light just how serious a problem IoT is and I'm sure other countries will be very interested in the results of this program," he said.

The Ministry of Internal Affairs and Communications released a report which stated attacks aimed at IoT devices accounted for two-thirds of all cyber attacks in 2016.

There have long been calls for a ramp-up of security embedded in IoT devices and research from Gemalto states that just 48% of businesses have the necessary provisions to detect vulnerabilities in IoT infrastructure.

In fact, 79% of the 950 decision makers the company spoke to said they think the government should play a more involved part in combating IoT-related cybercrime, whether that involves creating a framework for firms to adhere to or making it clearer who is responsible for protecting IoT.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019