Japan is planning massive hacking of citizens’ IoT devices

The Japanese government will try to protect IoT devices before the Tokyo 2020 Olympics to prevent cyberattacks

Last Friday the Japanese government approved an amendment that gives its public employees the ability to hack any citizen's Internet of Things (IoT) devices. According to specialists in network security and ethical hacking from the International Institute of Cyber Security, this measure is part of an unusual and highly invasive research effort on vulnerable IoT devices.

This research will be carried out by employees of Japan's National Institute of Information and Communications Technology (NICT), under the supervision of the Ministry of Internal Affairs, the Japanese government reported.

The legislation states that NICT employees will be able to use default password dictionaries to try to access consumer IoT devices. The aim is to compile a list of unsafe IoT equipment (devices with default or easy-to-guess passwords) so that the government, in collaboration with major telecommunications companies, can make decisions and alert the owners of these devices to reinforce network security.

The research will begin in the next few days, focusing mainly on routers and webcams. The Japanese government expects to analyze around 200 million IoT devices in households and organizations.

Reports from network security specialists claim that cyberattacks targeting IoT devices in Japan account for one-third of all the cyberattacks reported annually in the country, a share that could increase during the upcoming Tokyo 2020 Olympics, as the Japanese government knows that hacker groups wait for this kind of event to attack important IT infrastructure.

During the 2018 Winter Olympics in PyeongChang, South Korea, Russian government-sponsored hacker groups deployed the “Olympic Destroyer” malware against the South Korean computer infrastructure, all in retaliation for the decision of the International Olympic Committee (IOC) to expel hundreds of Russian athletes from the competition.

In addition, the same hackers built VPNFilter, a gigantic botnet made up of domestic IoT equipment, with which they planned to cut the broadcast of the 2018 UEFA Champions League final in Kiev, according to reports from the Ukrainian intelligence agencies.

As anticipated, the Japanese government's decision has provoked indignation among citizens and privacy activist groups. Critics argue that this is an unnecessary measure, as it would be enough for the Japanese government to run an awareness-raising campaign on the security of these devices.

On the other hand, the Japanese government considers this a legitimate measure, because most IoT botnets are created by hackers taking advantage of the weak security of this kind of device. Moreover, although a botnet can also be created by exploiting vulnerabilities in routers, the most common method is to compromise devices that have no security measures.