The Japanese government planned to integrate a list of devices that use easy-to-break passwords to, in conjunction with manufacturers and Internet service providers, implement the necessary measures to improve the security of these Devices. While the objective of this plan is understandable, even plausible, the methods thought of by the Japanese government seem too intrusive.
Since March 2019, employees of the National Institute of Communications Technology have been allowed to try to access home IoT devices in Japan. The test has already been performed on more than 200 devices, including routers, webcams and other Internet-connected devices. According to network security experts, when the test is completed, the government sends reports to manufacturers about the vulnerabilities found, as well as a number of recommendations to improve device security.
Figures published by multiple security firms claim that Japan is one of the countries with the highest number of cyberattacks against IoT devices in the world. Concern about information security within the Japanese government increased since the announcement of the Tokyo Olympics in 2020.
Network security experts believe that the Japanese government’s plan involves great risks, but in the long run very poor results will be obtained compared to the effort invested. In addition, most of these devices contain vulnerabilities that could be exploited without the use of passwords, so the Japanese authorities’ approach could be better defined, not to mention that, in the end, these tests, though carried out for a legitimate purpose, remain a cyberattack in practice.
Among other potential drawbacks, the Japanese government announced that it will create a database with all the security vulnerabilities found at the end of the program. In this way, malicious hackers could access this list and carry out a massive campaign to exploit these flaws.