Japan is trying to appreciate just how many vulnerable IoT devices exist in the wild, so it plans to scan all its Internet-exposed IP addresses.
One way hackers try to compromise exposed IoT devices is by scanning for exposed ports and trying to see if default or common passwords work. This is the same method the Japanese government is using to discover exposed IoT systems.
Botnets are one of the biggest problem in cybersecurity today. Botnets have been around for a long time, but they have normally consisted of zombified PCs that had been compromised with malware. But the advent of IoT saw a switch from traditional endpoints to IoT devices, which are much more common and have enough computing power to fulfill the same purpose.
Japan’s National Institute of Information and Communications Technology published the results of their investigations for 2019. At first glance, the results are not as bad as you might imagine, but it’s only a thin slice of the problem.
The investigation was only possible with the help of the majority of ISPs in Japan, accounting for around 100 million IPv4 in the country. Users weren’t told that the government is looking to test their security so the results would not be skewed.
There’s good news and bad news. The good news is that only around 100,000 devices allowed authentication via the Internet, and among those, only 2,249 accepted weak credentials. The project used a method called “credential stuffing.” In this case, they used 100 of the most-used credentials to log in to the devices.
The bad news is that credential stuffing is only one of many methods used to compromised IoT devices. Just because a device has a strong password and a unique username doesn’t mean that it’s not vulnerable. It’s very likely that the number of vulnerable IoT endpoints is much higher.
Japan’s initiative is only halfway through and it doesn’t take into account the current climate, with lots of people working from home, and other variables that would possibly influence the result.
tags
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
View all postsNovember 14, 2024
September 06, 2024