Japanese gov’t to hack civilian IoT devices in security push before Olympics

In an effort to protect infrastructure supporting the 2020 Tokyo Olympic Games, Japan will let government workers hack citizens’ IoT devices to see how secure they are.

The country, which wants to avoid a repeat of the cyberattacks that plagued South Korea and Brazil when they hosted the Olympics in 2018 and 2016, respectively, gave the go-ahead Friday to amend a law so they could survey personal devices, according to a reportby ZDNet.

“Although it may turn out to be an unpopular opinion, I think this is a reasonable action by the government of Japan,” said Craig Young,computer security researcher for Tripwire’s VERT (Vulnerability and Exposure Research Team), who noted that “unsecured internet devices are an existential threat to the many aspects of the economy and public safety which rely on the public Internet.”

Not only can insecure devices pose a privacy concern by exposing data or private networks, “Mirai and similar botnets have shown that IoT botnets can be incredibly effective at large-scale DDoS attacks,” said Young. “The risk of wide-scale IoT compromise may also extend beyond the Internet in some circumstances. An attacker with control over enough smart outlets, thermostats, or appliances could likely disrupt critical public services like energy, water, and sewer services by creating sudden spikes in demand to overwhelm infrastructure.”

He pointed out that no knows what could happen “if a couple hundred million lamps are turned on and off simultaneously across a nation” or “if an excessive number of thermostats are suddenly set to the extreme.”

Referring to questions “about whether this is a government invading its civilian’s privacy” as “misguided, ”Young said, “Without any action, these devices remain vulnerable and may be accessed by anyone with the will to find them. The question then is whether it is preferable to have someone from the government find and notify civilians about insecurity or to leave these systems for those with malicious intent to find.”

prestitial ad