Japan law will allow government to hack civilian IoT devices

Justification lies in concerns around the security of the infrastructure for next year's Olympic Games

Tokyo street

Japan approved a new amendment to a law on Friday which would allow government workers to hack civilians' personal technology as part of a vast survey of the country's insecure IoT devices.

The survey is being initiated as part of a plan to prevent a major cyber attack from crippling the infrastructure that will support the Tokyo Olympic Games in 2020, stemming from insecure IoT devices.

The concerns aren't without merit, sporting events are fast-becoming prime targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was hit by a cyber attack during the opening ceremony.

The Olympic Destroyer malware was deployed by Russian-linked threat actors in what is believed to be a response to the banning of Russian athletes caught doping before Rio 2016. Shortly before the ceremony, the event's website was downed which saw users unable to buy tickets or access information. Normal service was resumed 12 hours later.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The state-sponsored hacking initiative will begin next month with a trial of 200 million devices, just webcams and modems to start with. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.

The NCIT employees will be allowed to use default passwords and password dictionaries to break into devices. When they discover a particularly vulnerable device, a report will be sent to authorities and ISPs which will then prompt the device's owners to secure it.

"This is a very interesting response to the growing IoT cyber security problem, and it is about time a government stepped in with something other than a regulatory approach or voluntary standards scheme, said Ian Thornton-Trump, international head of security at AmTrust. "It is not without a North American precedent. Companies and law enforcement have used the US legal system to take down domains and systems that have been used in cyber-attacks of a criminal nature, including botnets. This is the first instance of applying that same philosophy proactively to IoT infrastructure.

"I can see how privacy advocates would see this as very intrusive; on the other hand, if your device is vulnerable or acting as part of a botnet and you don't have the resources to detect the activity, or even fix it -- who else is going to?

"Overall, the Japanese government action on IoT may bring to light just how serious a problem IoT is and I'm sure other countries will be very interested in the results of this program," he said.

The Ministry of Internal Affairs and Communications released a report which stated attacks aimed at IoT devices accounted for two-thirds of all cyber attacks in 2016.

Advertisement - Article continues below

There have long been calls for a ramp-up of security embedded in IoT devices and research from Gemalto states that just 48% of businesses have the necessary provisions to detect vulnerabilities in IoT infrastructure.

In fact, 79% of the 950 decision makers the company spoke to said they think the government should play a more involved part in combating IoT-related cybercrime, whether that involves creating a framework for firms to adhere to or making it clearer who is responsible for protecting IoT.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020