The government-run ICT research institute has started surveying IoT devices running on networks provided by the nation's ISPs to check whether devices use easily guessed or default passwords.
These will include common passwords known to have been used for cyber attacks in the past — the NICT gives the examples of password and admin1234 — as well as passwords consisting of the same or sequential alphanumeric characters.
If insecure connections are found, the NICT will provide the information to the ISPs, who will then alert users to the vulnerability.
The NICT started alerting the public to the planned five-year National Operation Towards IoT Clean Environment (NOTICE) project with an ad campaign early this month, and commenced surveying devices on Wednesday.
It has also established a support centre to respond to enquiries from users notified through the campaign.
In response to criticism over the NOTICE project for its obvious privacy and citizen rights implications, NICT insisted that testers will not intrude on any devices and that no information will be collected other than that required for the survey, which will itself be subject to “strict control measures”.
The agency said the penetration testing project is necessary in light of the growing trend of cyber attacks targeting IoT devices. Attacks targeting and involving co-opted IoT devices have caused serious damage in countries around the world.
(Tech Decisions)
No comments:
Post a Comment