Japan law will allow government to hack civilian IoT devices

Justification lies in concerns around the security of the infrastructure for next year's Olympic Games


Japan approved a new amendment to a law on Friday which would allow government workers to hack civilians' personal technology as part of a vast survey of the country's insecure IoT devices.

The survey is being initiated as part of a plan to prevent a major cyber attack, stemming from insecure IoT devices, from crippling the infrastructure that will support the Tokyo Olympic Games in 2020.


The concerns aren't without merit: sporting events are fast becoming prime targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was hit by a cyber attack during the opening ceremony.

The Olympic Destroyer malware was deployed by Russian-linked threat actors in what is believed to be a response to the banning of Russian athletes caught doping before Rio 2016. Shortly before the ceremony, the event's website was taken down, leaving users unable to buy tickets or access information. Normal service was resumed 12 hours later.

The state-sponsored hacking initiative will begin next month with a trial of 200 million devices, just webcams and modems to start with. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.


The NICT employees will be allowed to use default passwords and password dictionaries to break into devices. When they discover a particularly vulnerable device, a report will be sent to authorities and ISPs, which will then prompt the device's owners to secure it.


"This is a very interesting response to the growing IoT cyber security problem, and it is about time a government stepped in with something other than a regulatory approach or voluntary standards scheme," said Ian Thornton-Trump, international head of security at AmTrust. "It is not without a North American precedent. Companies and law enforcement have used the US legal system to take down domains and systems that have been used in cyber-attacks of a criminal nature, including botnets. This is the first instance of applying that same philosophy proactively to IoT infrastructure.

"I can see how privacy advocates would see this as very intrusive; on the other hand, if your device is vulnerable or acting as part of a botnet and you don't have the resources to detect the activity, or even fix it -- who else is going to?

"Overall, the Japanese government action on IoT may bring to light just how serious a problem IoT is and I'm sure other countries will be very interested in the results of this program," he said.


The Ministry of Internal Affairs and Communications released a report which stated attacks aimed at IoT devices accounted for two-thirds of all cyber attacks in 2016.

There have long been calls for a ramp-up of security embedded in IoT devices and research from Gemalto states that just 48% of businesses have the necessary provisions to detect vulnerabilities in IoT infrastructure.

In fact, 79% of the 950 decision makers the company spoke to said they think the government should play a more involved part in combating IoT-related cybercrime, whether that involves creating a framework for firms to adhere to or making it clearer who is responsible for protecting IoT.
