Japan plans to hack citizens’ IoT devices ahead of Tokyo Olympics

28 Jan 2019

Shibuya area of Tokyo, Japan. Image: © SeanPavonePhoto/Stock.adobe.com

The Japanese government is apparently planning to try accessing citizens’ IoT devices to check whether their passwords are secure.

Last week, internet giant Google confirmed it would appeal the €50m GDPR fine imposed on it by French data watchdog, CNIL. The case is being closely watched by tech firms and experts, as the outcome is likely to have major implications for the future enforcement of the regulation.

Remaining in France, defence secretary Florence Parly said that the country was preparing to use its cybersecurity tools like any other weapon in the nation’s arsenal in the wake of increasing nation-state attacks.

Meanwhile in Ireland, the Government hosted a blockchain hackathon to identify problems within the public services that could be solved using the distributed ledger technology.

Looking at enterprise software news, teams working on Apple machines will be glad to see that Microsoft Office is now available on the App Store for macOS. The apps in the suite also support some of the new features in the new Mojave OS, including Dark Mode.

Japan prepares to hack IoT devices ahead of Tokyo 2020

Last Friday (25 January) the Japanese government approved a legal amendment that will permit government workers to hack into peoples’ IoT devices, according to NHK World. The unprecedented survey will be carried out by staff at the National Institute of Information and Communications Technology (NICT). Employees there will be able to use password dictionaries and default passwords to try and log into Japanese consumers’ devices.

The government in the country has embarked on this unusual plan ahead of the 2020 Olympics in Tokyo, to avoid a repeat of the Olympic Destroyer malware in Pyeongchang, South Korea during the Winter games.

Internet Society to release Privacy Code of Conduct

Today (28 January), the Internet Society has issued a nine-point guidance that will offer insights into how firms can manage personal data in more effective ways. According to Dark Reading, recommendations include treating so-called ‘anonymised data’ as personal data and avoid using legalese.

Senior director of internet trust for the Internet Society Christine Runnegar said: “Businesses have to offer a clearer explanation of what the personal data will be used for and make clear that it is for legitimate and reasonable purposes.”

Cloud customers experienced 681m cyberattacks in 2018

More and more organisations are choosing to migrate completely, or at least partially to cloud services and security provider Armor notes that those that neglect patching on a regular basis open themselves up to a litany of threats. According to research from the firm, 681m cyberattacks last year were aimed at the cloud.

The most common threats included leveraging known software bugs, remote file inclusion and cross-site scripting.

DailyMotion hit by credential stuffing attack

Video-sharing platform DailyMotion revealed on 25 January that it had fallen victim to a credential stuffing attack, according to ZDNet. This form of cyberattack sees hackers take numerous combinations of passwords and usernames and use them to gain illegal access to user accounts on other platforms.

The attack apparently began on 19 January and the DailyMotion security team has been taking steps to block it. Users who the company believes were affected were logged off and their passwords were reset.

US government issues emergency directive to tighten DNS security

The US Department of Homeland Security published an emergency directive on 25 January after a spate of domain hijacking attacks targeting government websites. According to the directive, multiple government domains were targeted by a domain hijacking campaign, but the agencies in question have been informed.

Using this form of attack, bad actors can dupe visitors into thinking they are visiting a legitimate website, when it is in fact one controlled by cybercriminals. DNS and cache poisoning are two other methods of manipulation.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com