A revised Japanese law passed recently authorized the government to test internet of Things (IoT) devices that may be exploited for cyber attacks.
According to the announcement posted on the government website, the Ministry of Internal Affairs and Communications (MIAC) and the National Institute of Information and Communications Technology (NICT) will cooperate with Internet providers to conduct the security survey.
The government acknowledges that while IoT devices have become widespread, cyber attacks targeting IoT devices are on the rise.
It said IoT devices, which includes sensors, routers, and web cameras, have features that are limited in performance, difficult to manage, long in the life cycle, and easy to be targeted by cyber attacks. And equipment with poorly installed security measures may be infected with malware and used for cyber attacks.
The announcement specifically mentions the heightened need for security countermeasures as the country is hosting the 2020 Olympic Games, the Paralympic Games Tokyo Convention, and many other high-profile international events.
Based on the conduct of the investigation or survey, the post said strict safety control measures are to be taken based on the implementation plan of NICT and approved by the Minister for Internal Affairs and Communications.
According to the document, testing will begin by mid-February and users of these IoT devices that are found vulnerable to attacks will be notified.
A report from Japan’s national broadcaster NHK World stated that NICT “will generate IDs and passwords in its attempt to randomly break into about 200 million devices, such as routers and webcams.”
NHK also quoted a communications ministry official asking the public for its support and understanding, especially as “researchers might unintentionally gain access to webcam images or stored data” and may constitute a violation of “the device owners' constitutional right to privacy if their identities were revealed.”
The government, however, has given assurances that no data will be leaked.
According to a report from MIAC Cybersecurity Office, two-thirds of all attacks in 2016 were targeted at IoT devices; hence, the necessity for countermeasures. And one way to detect device vulnerability is to test for inadequate password settings, among others.
Trust certifications for IoT devices have been gaining ground. In November 2018, Mozilla issued a comprehensive guide on smart connected things as they might pose some online risks to consumers at the height of the year's online shopping season.
Mozilla’s gadget guide provides a framework for understanding the risk factors to consider before buying a connected device.
In December 2018, ThingsCon Berlin launched the "Trustable Technology Mark," the goal of which was to help consumers make informed purchases.
Governments have also started introducing regulations on the sale and manufacture of internet-connected things, such as the law passed in California in September mandating built-in security features to protect devices against unauthorized access.
The UK followed suit with the introduction of the world-first IoT Code of Practice to ensure the security of connected consumer devices at the design stage.
In Asia, the Bangkok Post reported in November 2018 that that regulatory conditions for IoT and related devices will start to be implemented this year.