The Japanese government approved a plan that will allow government workers to log in to IoT devices as part of a big effort to secure IoT devices.
It will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.
NICT employees will be allowed to use default passwords and password dictionaries to attempt to log into Japanese consumers’ IoT devices. The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices. The survey is scheduled to kick off in Feb 2019.
Scope: > 200 million IoT devices, routers and web cameras and everything else that has an IP.
I don’t understand the big fuss about it. I think it’s noble of the gov to do this before some worm, like VPN Filter, does it. It’s not hacking in the true sense of breaking thru some kind of security line of defense if one uses the admin admin credentials. Is it? Of course all of this is done to prevent some kind of Olympic destroyer like nightmarish DDOS scenario by making use of Japans own infrastructure.