The Government-backed National Institute of Information and Communications Technology is preparing a national sweep of approximately 200 million IoT devices in preparation for upgrades to cybersecurity ahead of the 2020 Tokyo Olympics, according to officials.
The Japanese Government approved a legal amendment giving the green light to this unique course of action on January 25, 2019. Staff will use password dictionaries and default passwords, such as, ‘1234’ and ‘admin’ to try gain access to the IoT devices, enabling them to better understand the security flaws. The survey will mainly focus on products that use physical cables to access the internet and prior consent from the ISPs is required.
Institute spokesman, Tsutomu Yoshida commented “Too often, we see webcams, for example, that are already being hacked because security settings are too simple and their images are being seen by outsiders”. He continued, “Sometimes they are put on public websites without the owners being aware.”
The course of action has been met with some backlash; however, with some citing that it goes against the privacy rights of consumers. The Institute has stated that data on individual devices will not be viewed, however, but they will notify ISPs of vulnerable users.
Japan is taking these precautionary measures perhaps because the hosts of the PyeongChang Winter Olympic Games 2018, South Korea, fell victim to a cyberattack shortly after the opening ceremonies began. A range of devices were hacked in the incident, causing issues such as spectators finding themselves unable to print tickets and broadcasting faults.
The Japanese Government believes the survey is necessary to ensure the safety of all visitors and the smooth running of the Tokyo Olympics.