Tuesday, February 26, 2019

Japanese Government to probe insecure IoT devices - Part 2


The Japanese government has released the technical details of the IoT probe. Here is an extract of the most important information.

Starting date: February 20, 2019.

Important Contents:

Scope of the probe:
  1. Devices that can be accessed from the Internet using IPv4 addresses assigned to the Japanese territory
  2. Easy to guess ID and password
  3. Devices without a password
  4. There are about 200 million devices that match the above mentioned scope
  5. Devices: routers, web cameras, sensors, etc.
The National Institute of Communications and Technology (NICT) is going to use a set of approximately 100 IDs and passwords for this investigation. Here are the samples published on the referenced site [1].

Commonly used for Cyber attacks

ID          Password
admin       admin
admin1      admin1
root        root
supervisor  supervisor


Identical characters, consecutive numbers, etc.

ID          Password
admin       111111
root        123456
root        666666
root        54321
888888      888888

IP addresses to be used in the investigation

150.249.227.160-175
153.231.215.8-15
153.231.216.176-183
153.231.216.184-191
153.231.216.216-223
153.231.226.160-167
153.231.226.168-175
153.231.227.192-199
153.231.227.208-215
153.231.227.216-223
153.231.227.224-231

(96 addresses in total)

Communication:

When a vulnerable device is identified, a notification will be sent to the ISP or the owner of the IP address.
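The published source ranges give security teams what the earlier post below says they lacked: a way to tell the announced probe apart from other brute-forcing in their own logs. The following script is an added example, not code from NICT or from this blog. It expands the ranges listed above, parses constructed OpenSSH-style "Failed/Accepted password" lines (the log format and the sample IP addresses other than the NICT ranges are assumptions), and tags each source as coming from the probe or not. The design point is that the ranges should be tagged rather than whitelisted: a successful login from a probe address means the device accepts one of the published weak credentials and must be fixed, and identical failed-login patterns from other sources are ordinary brute-force attempts hiding behind the probe.

```python
import ipaddress
import re

# Source ranges published for the NICT probe (the list above).
# Each entry is (first three octets, first host, last host), inclusive.
NICT_PROBE_RANGES = [
    ("150.249.227", 160, 175),
    ("153.231.215", 8, 15),
    ("153.231.216", 176, 183),
    ("153.231.216", 184, 191),
    ("153.231.216", 216, 223),
    ("153.231.226", 160, 167),
    ("153.231.226", 168, 175),
    ("153.231.227", 192, 199),
    ("153.231.227", 208, 215),
    ("153.231.227", 216, 223),
    ("153.231.227", 224, 231),
]


def expand_ranges(ranges):
    """Expand (prefix, first, last) tuples into a frozenset of IPv4Address."""
    addrs = set()
    for prefix, first, last in ranges:
        for host in range(first, last + 1):
            addrs.add(ipaddress.IPv4Address(f"{prefix}.{host}"))
    return frozenset(addrs)


NICT_PROBE_ADDRS = expand_ranges(NICT_PROBE_RANGES)  # 96 addresses, as published

# Constructed sample log lines (assumption: OpenSSH "sshd" syslog format).
# 198.51.100.23 is a documentation address standing in for an unrelated source.
SAMPLE_LOGS = """\
Feb 21 03:14:07 edge-router sshd[1201]: Failed password for admin from 153.231.216.180 port 51234 ssh2
Feb 21 03:14:09 edge-router sshd[1201]: Failed password for root from 153.231.216.180 port 51236 ssh2
Feb 21 03:15:41 edge-router sshd[1209]: Failed password for root from 198.51.100.23 port 40211 ssh2
Feb 21 03:15:42 edge-router sshd[1209]: Failed password for admin from 198.51.100.23 port 40212 ssh2
Feb 21 03:16:00 edge-router sshd[1215]: Accepted password for admin from 153.231.227.199 port 50001 ssh2
Feb 21 03:16:30 edge-router sshd[1220]: Failed password for invalid user supervisor from 150.249.227.170 port 33333 ssh2
"""

LOG_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def classify_logins(log_text, probe_addrs=NICT_PROBE_ADDRS):
    """Summarise password-auth events per source IP.

    Each entry records whether the source is inside the published probe
    ranges ("nict-probe") or not ("other"), how many attempts failed or
    were accepted, and which usernames were tried.
    """
    summary = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a password-auth event; ignore
        src = ipaddress.IPv4Address(m["src"])
        entry = summary.setdefault(str(src), {
            "origin": "nict-probe" if src in probe_addrs else "other",
            "failed": 0,
            "accepted": 0,
            "users": set(),
        })
        entry["failed" if m["result"] == "Failed" else "accepted"] += 1
        entry["users"].add(m["user"])
    return summary


def accepted_from_probe(summary):
    """Probe sources that actually logged in: the device accepted one of the
    published weak credentials, so it needs remediation, not a whitelist rule."""
    return sorted(ip for ip, e in summary.items()
                  if e["origin"] == "nict-probe" and e["accepted"] > 0)


def brute_force_not_from_probe(summary):
    """Sources outside the probe ranges with failed logins: ordinary attackers
    whose traffic would be lost if the whole pattern were simply suppressed."""
    return sorted(ip for ip, e in summary.items()
                  if e["origin"] == "other" and e["failed"] > 0)


if __name__ == "__main__":
    result = classify_logins(SAMPLE_LOGS)
    for ip, e in sorted(result.items()):
        print(f"{ip:18} {e['origin']:10} failed={e['failed']} accepted={e['accepted']} users={sorted(e['users'])}")
    print("probe logins that succeeded (fix these devices):", accepted_from_probe(result))
    print("non-probe brute force (investigate as usual):", brute_force_not_from_probe(result))
```

Run against real logs, the two summary functions split the work: successful logins from the probe ranges go to the asset owner as weak-credential findings, while failures from everywhere else stay in the normal brute-force queue. The address set is frozen so it can be reused across log batches without being rebuilt.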


References:

1. In Japanese https://notice.go.jp/
2. In Japanese https://www.nict.go.jp/info/topics/2019/02/13-2.html



Saturday, February 16, 2019

Japanese Government to probe insecure IoT devices




The Japanese government passed a law which authorizes the National Institute of Communications and Technology (NICT) to use dictionary-style attacks against IoT devices around the nation. Basically, lists of default passwords, overused passwords and easy-to-guess passwords will be used from February 2019 against Internet-discoverable devices, regardless of whether they are publicly or privately owned. The reason for this decision is to improve preparedness for several important events coming to Japan from this year onwards:
  1. The coronation of the new emperor in April, which will also change the Era name in Japan from the current Heisei to a new one still to be decided.
  2. The Rugby World Cup from September 2019, which is considered a rehearsal for the most important event next year.
  3. The Tokyo Olympics in 2020, which are the main reason behind the government's decision to take action this year and find weak passwords in IoT devices.

Additional concerns are coming from enterprises, for a simple reason: these activities could generate alerts in enterprise infrastructures, depending on their configuration and monitoring level.
Enterprises are concerned because the probing activity might use the same techniques, and possibly the same tools, as potential malicious actors; moreover, no technical details have been shared, so there is no way to correctly identify and whitelist (which could lead us to a very different discussion) the "suspicious" traffic. In this situation attackers could use the probing activity to hide in plain sight. Security teams and SOCs are concerned and are expecting an increase in traffic.
This activity could prove useful, but at the same time bad actors could potentially take advantage of it. Behind all the perimeter defenses, hopefully enterprises are ready and well organized for this, especially since they have had 4 years to improve their infrastructure, processes and human resources to face these activities.

References
  1. https://www.darkreading.com/attacks-breaches/japan-authorizes-iot-hacking/d/d-id/1333745
  2. https://threatpost.com/japan-insecure-iot-devices/141304/
  3. https://www.itpro.co.uk/policy-legislation/32848/japan-law-will-allow-government-to-hack-civilian-iot-devices
