Japan law will allow government to hack civilian IoT devices

Justification lies in concerns around the security of the infrastructure for next year's Olympic Games

Tokyo street

Japan approved a new amendment to a law on Friday which would allow government workers to hack civilians' personal technology as part of a vast survey of the country's insecure IoT devices.

The survey is being initiated as part of a plan to prevent a major cyber attack from crippling the infrastructure that will support the Tokyo Olympic Games in 2020, stemming from insecure IoT devices.

The concerns aren't without merit, sporting events are fast-becoming prime targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was hit by a cyber attack during the opening ceremony.

The Olympic Destroyer malware was deployed by Russian-linked threat actors in what is believed to be a response to the banning of Russian athletes caught doping before Rio 2016. Shortly before the ceremony, the event's website was downed which saw users unable to buy tickets or access information. Normal service was resumed 12 hours later.

The state-sponsored hacking initiative will begin next month with a trial of 200 million devices, just webcams and modems to start with. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.

The NCIT employees will be allowed to use default passwords and password dictionaries to break into devices. When they discover a particularly vulnerable device, a report will be sent to authorities and ISPs which will then prompt the device's owners to secure it.

"This is a very interesting response to the growing IoT cyber security problem, and it is about time a government stepped in with something other than a regulatory approach or voluntary standards scheme, said Ian Thornton-Trump, international head of security at AmTrust. "It is not without a North American precedent. Companies and law enforcement have used the US legal system to take down domains and systems that have been used in cyber-attacks of a criminal nature, including botnets. This is the first instance of applying that same philosophy proactively to IoT infrastructure.

"I can see how privacy advocates would see this as very intrusive; on the other hand, if your device is vulnerable or acting as part of a botnet and you don't have the resources to detect the activity, or even fix it -- who else is going to?

"Overall, the Japanese government action on IoT may bring to light just how serious a problem IoT is and I'm sure other countries will be very interested in the results of this program," he said.

The Ministry of Internal Affairs and Communications released a report which stated attacks aimed at IoT devices accounted for two-thirds of all cyber attacks in 2016.

There have long been calls for a ramp-up of security embedded in IoT devices and research from Gemalto states that just 48% of businesses have the necessary provisions to detect vulnerabilities in IoT infrastructure.

In fact, 79% of the 950 decision makers the company spoke to said they think the government should play a more involved part in combating IoT-related cybercrime, whether that involves creating a framework for firms to adhere to or making it clearer who is responsible for protecting IoT.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk of hacking
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk of hacking

13 Apr 2021
Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
cloud security

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

13 Apr 2021
5G will accelerate cyber crime, predicts former White House CIO
5G

5G will accelerate cyber crime, predicts former White House CIO

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021