The Japanese government amended a law [1] on January 25, 2019 that would allow internet-connected devices to be tested in a trial by fire, or in this case, trial by hacking. Specifically, they want to test the robustness of the default passwords and security set by various Internet-of-Things (IoT) devices, including smart doorbells, locks, lights, cameras, and televisions.
According to ZDNet [2], the National Institute of Information and Communications Technology (NICT) of Japan will be allowed to use a list of default passwords and password dictionaries to attempt entry into Japanese consumer’s IoT devices. NICT aims to create a list of commonly insecure devices that use easy-to-guess passwords in order to alert its manufacturers and users to improve its security and unintended access.
The password audit is planned for February 2019, where over 200 million Japanese IoT devices will be tested on both enterprise and personal networks. The Japanese government cites fears of hacking at the 2020 Tokyo Summer Olympics as the reason for taking this step to increase its national cyber security.
Japanese citizens have expressed dissatisfaction, arguing that instead of a government attack on personal electronics, a simpler solution would be to alert users that had insecure devices to update them.
Interestingly enough, there are hackers that attempt to improve security through hacking. In April 2018, a hacker known as Alexey improved the security of over 100,000 routers by hacking into them and fixing a security vulnerability [3] as an act of good will. In the case of the Japanese government, the difference here is that it is a sovereign body that is mandating this audit, instead of one that is uninvited.
What do you think?
- Should a government body be able to mandate that it is allowed to attempt to hack into your personal devices?
- How can you be sure that surreptitious hacking attempts are not being made against your devices and networks?
- Are you aware of the level of protection your router or other IoT devices have?
Let us know what you think about this article and your responses to our questions in the comments below!
Disclaimer: The views and opinions expressed in this article are those of the author and do not constitute legal or financial advice.
Always do your own research to make informed decisions.
For more information, check out these articles:
Govt. to access home devices in security survey [NHK Japan]
List of government mass surveillance projects [Wikipedia]
People said…