Japanese Government Plans To Hack Into Citizens' IoT Devices (zdnet.com)
An anonymous reader writes: The Japanese government approved a law amendment on Friday that will allow government workers to hack into people's Internet of Things devices as part of an unprecedented survey of insecure IoT devices. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.
NICT employees will be allowed to use default passwords and password dictionaries to attempt to log into Japanese consumers' IoT devices. The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices. The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras. Devices in people's homes and on enterprise networks will be tested alike.
This does not involve any "hacking" into anything. It is simply unauthorized access by attempting default passwords, not hacking. Please fix the title. Thanks.
This needs to be done to protect the dumbasses from themselves. Once they start to get educated about security then their digital footprint becomes a little safer, but why stop there? Go to the manufacturers of these devices and threaten trade sanctions if the manufacturers do not do a better job at securing these things.
Yes. I've hacked various networks and then left messages for the admin to fix the vulnerability. Was me doing that worse for them?
As long as the Japanese government is honest about the aim of this project, then the end result will be a benefit for the people of Japan. Of course some transparency and third-party verification would be nice to keep them honest. But there's nothing inherently harmful about what they're doing.
Hacking is using exploits or otherwise bypassing the security mechanisms, typically to gain unauthorized access. Hacking can also be used to gain authorized access.
This isn't hacking, this is logging in, and unauthorized access.
Is it "breaking and entering" if you leave your front door open?
No, it is an utter fail that ignores technological reality. First, most vulnerable devices will not be visible, because they have already been hacked and the vulnerability will have been closed (but the attacking bot-net owns the device). So they will not find the devices they need to find. And second, relying on ISPs and users to fix this will not accomplish anything.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Then the company will be told by the gov that their "things like UPnP" is wide open.
The company can then change its policy and secure its network.
Change its passwords.
Upgrade.
That warning by the gov will have to be acted upon.
The gov will give time and advice to work on "things like UPnP" settings?
Should that "things like UPnP" be found to be part of any computer network intrusion?
The gov can then come back and ask why the "things like UPnP" was still left open to the world?
The company can then list their reasons why the "things like UPnP" policy was left in place.
Should it be a good reason then the gov will accept that.
The company was given the gov results about the "things like UPnP", advice and time to consider its network.
Was the reason not good then further questions get asked about all gov policy/tax/banking the company might be missing.
Not acting on "things like UPnP" when requested by the gov could risk a lot more investigation and questions later.
Domestic spying is now "Benign Information Gathering"