The Japanese government approved a new law last Friday that permits government employees to hack into citizens' Internet of Things (IoT) devices as part of an unusual survey of insecure IoT devices.
The survey will be carried out by staff at the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.
NICT employees will be permitted to use default passwords and password dictionaries to log into users' IoT devices.
The aim of the survey is to compile a list of insecure devices and devices that use easy-to-guess passwords, and to pass it to the authorities and the relevant internet service providers so that they can take the necessary steps to inform consumers and secure the devices.
The survey will start next month, when the authorities plan to test the password security of more than 200 million IoT devices, including routers and web cameras. The devices to be tested include those in homes and organizations.
The Ministry of Internal Affairs and Communications reported that there had been several earlier cyber-attacks on IoT devices.
The Japanese government decided to launch this plan as part of its preparations for the Tokyo 2020 Summer Olympics. The government thinks that attackers might misuse IoT devices to organize attacks against the Games' IT infrastructure.
This fear is well founded: Russian nation-state hackers developed the Olympic Destroyer malware ahead of the opening ceremony of the Winter Olympics held in South Korea last year, because several Russian athletes had been banned by the International Olympic Committee. These attackers also built a botnet of home routers and IoT devices.
However, the Japanese government's initiative has not been welcomed by citizens. Many claimed that it is an unnecessary measure, as it is still not certain whether users who use default or easy-to-guess passwords would change them immediately if they are notified. Instead, this could easily be achieved by simply sending users a security alert.
Hackers are building several IoT and router botnets today, so the government's plan has some technical merit as well.