Japan plans massive IoT survey to bolster cyber security
Officials of the Ministry of Internal Affairs and Communications said the study involving 200 million such devices would not extend to computers and smartphones used by individuals. Even so, concerns are being voiced about the government giving itself the authority to unilaterally access all devices in companies and homes that are connected to the Internet.
According to the ministry, the main purpose of the study, to be conducted in conjunction with the National Institute of Information and Communications Technology (NICT), is to check the vulnerability of the passwords on the devices, such as routers, sensors and web cameras, which have a global IP address. Having such an address is necessary to connect to the Internet.
While routers installed in homes will be accessed, the ministry said the study would not go beyond those routers and access the computers and appliances serviced by the router.
The study will use a program that automatically enters about 100 fairly simple passwords that have been known to be used in past hacking attacks. Among the passwords to be used are "admin," "password," "111111" and "123456."
Any device that can be logged on to will be considered at high risk of a cyber attack. E-mails will be sent to the device user through the service provider asking that the password be changed. No fee will be requested nor will any user be asked to provide the real password.
The law banning unauthorized computer access was specifically revised in 2018 to give NICT a special waiver over a five-year period to conduct studies on cyber security. Normally, individuals are banned from attempting to access the Internet devices of ordinary citizens and companies.
Government officials are also insisting that communications confidentiality will not be compromised since the contents of e-mail and other communications will not be accessed. ■