Yusuf On SecuritySecurity news, opinion and advice

Japanese government sets a precedence into allowing a law accessing public IoT devices.

The Japanese government has passed a new law which will allow them to access IoT devices in JApan with default username and password. In effect the National Institute of Information and Communications Technology (NICT) employee will attempt to login to some randomly selected 200 million devices. The issue is that people do not change the default username and password. The technic is known as credential stuffing. When the NICT staffers found devices with their default credentials they will contact their Internet Service Provider which will in turn reach out to the owner and give security recommendations.

NICT has reported that IoT devices were the culprit of a growing number of cyber attacks. IoT devices attacks accounted more than half (some 54% to be precise), of the cyberattacks that it detected back in 2017.

The government’s move is to minimises disruption of the upcoming Olympic Games by a cyber attack. Back in February 2018, the South Korea Olympic Games were halted by a multistage piece of malware duped Olympic Destroyer. The Japanese government is certainly trying to mitigate similar risk as big games have become popular primarily target. Japan has a massive IoT base of cams, routers, DVRs in its country.

I am sure a lot of governments are paying a close attention to how this develops. It might set precedence. Watch this space.

Join the discussion

Further reading

What will it take?

A great piece on what it will take to improve the safety of the connected world. Read it here.

Extended detection and response (XDR)

Extended detection and response (XDR) captures threat data from previously isolated security tools throughout the organizations tech stack to enable...

Log4j Vulnerabilities

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well known open-source logging library called...

Recent podcasts