Japanese Government Plans To Hack Citizens IoT Devices
In an effort to secure IoT devices before the 2020 Toyoko Summer Olympics, the Japanese government pass a law to enable it to hack into people’s IoT devices. The scans will be perfomed by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications. NICT employees will be allowed to scan and attempt to use default passwords and password dictionaries to try to log into Japanese consumers' IoT devices, i.e. hack the devices.
They are planning to compile a list of insecure devices that use default and easy-to-guess passwords and pass it along to Japanese authorities and the relevant internet service providers, so they can alert consumers and secure the devices. Wow. Ok. So what would prevent the government from changing the log on credentials themselves, create a back door, change it back and now they have access to all insecure IoT devices? Or what about a state attackers getting access to the NICT gathered information on all citizens’ devices. Or using the same technology to scan all IoT devices within and outside Japanese borders? Trust? Who has that much trust in any government?
On the one hand, the cyber security person in me says some good could come out of this, secure devices are important. However, the privacy person in me is screaming! We will see what happens.