Moscow, February 5 — “Conduct. Economy”
In Japan are concerned about security of “Internet of things”. To check the security of IoT devices, civil servants were legally allowed to hack the plug-in gadgets of the citizens of brute force passwords.
The development of the Internet of things (IoT) has led at this stage to the abundance of assorted and often poorly protected devices, which are easy to access by attackers.
Experts have long been sounding the alarm. Recently, chief Evangelist Vinton CERF, who many call one of the founders of the Internet, expressed concern about the increasing number of household devices that connect to the Internet. Many of these gadgets, surveillance cameras and cars with automatic control to connected thermostats and toasters, are already demonstrating serious software errors or deficiencies in security.
“We are coming off this avalanche of devices… and they are potentially dangerous,” said Vinton CERF in a recent interview with Business Insider. “Software errors can cause malfunction of the devices, he continued. — This can lead to small problems: the light does not turn on or something like that. But the consequences can be much more serious.” Among the potential dangers which the CERF is worried, there may be those that are life threatening. For example, driverless car, Internet-connected things can have an accident due to software errors or hacking.
A decisive step in the direction of cyber security made Japan. The government approved amendments to legislation that will allow civil servants to turn on user IOT devices in the framework of large-scale “census” of IoT devices. The law was adopted to implement the extensive government program of search for unsecure plug-in gadgets, which will soon be deployed in the country.
Finding vulnerable devices, the programme will deal with the staff of the National Institute of information and communications technology (NICT) under the control of the Ministry of internal Affairs and communications. Hacking gadgets staff NICT will allow you to use dictionaries of common passwords and those passwords that are set by default.
Profile media noted that the method of selection of passwords is the most common among hackers a way to take control of the device of the Internet of things, although, alternatively, can be used a vulnerability in the firmware. Cracking a sufficient number of gadgets, hackers form one of the botnets that are used to commit DDoS attacks.
Testing will start with devices that break most often web cameras and routers. The “government” hackers will try to access this information at the place of work and residence of citizens. It is reported that Internet providers will be obliged to inform their users about detected vulnerabilities in their IoT devices.
On such measures the government decided to go ahead of the Summer Olympic games 2020, which will be held in the capital, Tokyo. During the Olympics, the authorities fear the “government” of cyber attacks on the infrastructure of the games, like Olympic Destroyer. In 2018, the malware attacked the Olympic winter games in Phenchhane. During the ceremony at the stadium blacked out, Wi-Fi and television systems, and time ceased to function the official website of the Olympic games.
In total, the authorities plan to test about 200 000 000 devices, ranging from routers and web cameras. According to the report of the Ministry of internal Affairs and communications of Japan, in 2016 the number of attacks on IOT devices accounted for two-thirds of the total number of cyber-attacks that year. Critics of the program draw attention to the fact that the employees of the Institute may receive access to personal data of citizens and it violates the right to privacy. Also it is not clear how, where, and how long the data will be stored.
Concerns about the safety of IoT devices, in particular, lie in the lack of safety standards. Unlike PCs or smartphones, the market of smart gadgets there is no dominant operating system. While the vast majority use Linux, many versions of operating systems are in the process of development. Thus, Microsoft, Google or Apple can’t just release an update of the operating system and protect the vast majority of devices simultaneously.
Moreover, manufacturers often do not update the software underlying the Internet-the devices, especially older models, so that security holes and other flaws are frequently overlooked. These holes have been used in the past. In 2016, the hackers found a vulnerability in the software for security cameras and have used connected devices to create a botnet with 1.5 million devices, which hackers have used to launch several large.
Read more •••