The Japanese Ministry of Internal Affairs and Communications revealed in a recent report that 2/3 of cyber attacks in 2016 were aimed at Internet of Things (IoT) devices. This coupled with preparing for the 2020 Olympics, resulted in the Japenese Government passing a law to allow for penetration testing on citizens’ IoT devices.
This will form part of a survey from the National Institute of Information and Communications Technology (NICT). With Japan’s Ministry of Internal Affairs and Communications, the NICT will gather a list of unsecured devices and pass these onto the Internet Service Providers (ISP). Thereafter, authorities and ISPs will let individuals know the weaknesses they will need to remedy such as passwords. The NICT will test over 200 million IoT devices including cameras, appliances and routers.
IoT is a target for hackers
The rise in dependency on machines and the internet has led to the increase of the two being combined. Together it has become the internet of things. Most devices, from kitchen appliances to the refrigerator can now connect to the internet as a smart way to manage appliances. This provides benefits including the ability to maximise the use of data, providing a convenient and efficient service or lifestyle. With this in mind, passwords are the most common authentication procedure on these devices. A weak password will, therefore, allow for easy deployments of IoT and router botnets. These botnets can take over devices to cause disruption to devices’ services.
Testing is crucial
On the lead up to Olympic games, governments have in the past tested the IT infrastructure in attempts to mitigate chances of successful attacks. For example, Rio had carried out around 8000 testings with 400 flaws found in 125 of the tests susceptible to malware attacks. Attackers target the Olympics as it is a global event that catches the attention of many countries. It is also a platform with big opportunities for nation-state attackers to gain publicity and valuable information. It also provides a profitable advantage for cybercrime groups.
The law passed by the Japanese government is crucial following past public events. Instances include the Pyeongchang Winter Olympics in South Korea. The malware, Olympic Destroyer, deployed in 2018 and affected internet and television services. Another instance is where the Ukrainian intelligence service reported Russian hackers attempted to use VPN Filter to disrupt broadcasts of the 2017 UEFA Champions League final. Other Olympic attacks include DDoS attacks on power systems at the 2012 London Olympics. Although successfully mitigating a majority of attacks, the Rio Olympics in 2016 succumbed to DDoS attacks. It eventually became the longest 500Gbps+ attack to date.
The project will start next month. Japan are using other measures to tackle threats posed to the 2020 Games with the use of facial recognition.