Japan Is Inviting Hackers to Hack Insecure IoT Devices Ahead of the 2020 Olympics

Security and safety has always been important at the Olympic games, thought in times past it’s usually been with regards to physical safety. For the first time there will be a greater focus on digital safety at the 2020 Tokyo Olympic Games. Japan is pursuing hacking into all insecure IoT devices to see how many gadgets there are in the country that are hackable.

White Hat Hacking for 2020 Tokyo Olympic Games

Japan approved a law last week that will allow their government to hack into insecure IoT devices to get a handle on how many there are in the country a year ahead of the Olympic Games being held in Tokyo.

Employees of the National Institute of Information and Communications Technology (NICT) will conduct a survey that will be supervised by the Ministry of Internal Affairs and Communications staff.

There will be very strict rules of engagement enforced for privacy reasons, and NICT employees will only be allowed to use default credentials and password dictionaries to find these hackable devices.

Not everyone agrees with this effort. The VP of Intelligence at Tenable, Gavin Millard, believes that it’s likely this process will discover relatively few vulnerable devices and won’t find the majority of IoT devices that are in danger.

“Rather than hacking back, it appears the NICT are going to notify users of exposed devices with simple passwords,” he advised.

“A quick Shodan search only finds roughly 1000 devices currently connected in Japan with easily-guessed passwords though, so unless they are going to go deeper leveraging a scanning tool like Nessus, it’ll be more PR than actual security improvements.”

The survey is scheduled to be conducted next month with an interest in cataloging more than 200 million IoT devices. The plans are for NICT to start examining routers and networked cameras. Once they identify insecure devices, it’ll give the details to ISPs and local authorities who can alert consumers.

IoT devices are traditionally vulnerable because many of them ship with insecure default settings and don’t often get security updates and patches. Because of these vulnerabilities, these devices are targeted by hackers and used to stage distributed denial of service (DDoS) attacks.

But the scope of this effort is why it won’t make much of a difference. It will only be searching for vulnerable devices in Japan. Cybersecurity is an international process. Getting Japan’s residents to beef up their security won’t mean much.

What do you think of Japan’s plan to identify vulnerable IoT devices before the 2020 Tokyo Olympic Games? Is there value in this? Add your thoughts on this in the comments section below.

Image Credit: DuncanSensei