Residents of Japan, are you ready for Tokyo 2020? No, you’re not.
The Olympic Games will take place there next year, and hackers are already airing out their counterfeit Tokyo 2020 hoodies and stretching their typing fingers, preparing to break a record or, preferably, your IoT devices’ and router’s security. That is, if the Japanese government doesn’t beat them to it.
Japan already got cyberburned in 2015, when the records of 1.25 million people, almost 1% of Japan’s population, were exposed in a hack of the national pension service.
Hosting the Games makes the super-techy state an even bigger target for hackers, owing to the heightened media attention and the rapid infrastructure and services development leading up to them.
Many recent Olympic hosts saw an increase in cyberattacks - an estimated 250 million attacks were launched against the 2012 London Games, including a 40-minute DDoS attack on the venue’s power systems during the opening ceremony; an official government website was toppled at the 2016 Rio Games; and ticketing systems were crippled for hours at the 2018 Pyeongchang Winter Games, to name a few. In September of last year, hackers already tried phishing people in the United States and Japan with fake Tokyo Games ticket offers via email.
As part of the pre-Olympics cybersecurity tightening efforts, Japan’s National Institute of Information and Communications Technology (NICT) decided to embark on a mission to white-hat hack more than 200 million IoT devices, webcams, and routers, privately as well as corporately owned.
In January, a law passed allowing NICT employees in their official capacity to hack people’s IoT devices. They will be trying to get into the devices using known default passwords for devices, as well as dictionary attacks, which is trying out words and word combinations commonly used as credentials, such as “admin,” “123456” (seriously), “password” (seriously!) and “qwerty” (now you’re just being an asdf).
Data collected by NICT will be used to compile a list of unsecured devices - ones that have default or too-simple credentials. The list will be disseminated to the relevant authorities who will use it to alert consumers, and possibly manufacturers, of the weaknesses.
But why focus on routers and IoT? Because hackers do. According to a Japanese Ministry of Internal Affairs and Communications report and an NICT survey, two thirds of all cyberattacks in 2016 and 54% in 2017 targeted IoT devices.
That’s because being able to control your smart home and IoT devices requires connecting your Internet of Things to your home network; remotely controlling them requires giving yourself remote access to that network. That means your home router is a net swinging door - allowing your network to connect to the web and, dangerously, the web to your network.
Routers and IoT devices tend to be unsecured. Recent analysis of thousands of our clients discovered an average of two security problems per ISP router. They come with default credentials few bother to change- “Why would anyone try to connect to my lightbulb?”; firmware users only rarely and sporadically install updates, as it’s not automated or prompted as is the case in computers and smartphones. Once inside, hackers can abuse your devices for sinister schemes, such as initiating DDoS attacks against critical national infrastructure.
Japanese consumers aren’t the only ones vulnerable. All consumers need to consider the holes in their home networks and determine the best ways to secure them.
About the author: Igor Rabinovich is CEO and founder of Akita. Akita provides “Smart Home Security as a Service” for consumers, using military-grade security protection to prevent botnets, DNS spoofing , cryptojacking, and other IoT-based attacks against home IoT devices and their connected networks.
Edited by
Ken Briodagh
