The December 2022 issue of IEEE Spectrum is here!

Close bar

Japan to Probe IoT Devices and Then Prod Users to Smarten Up

A government project begins testing millions of Internet-connected devices to see how safe they are from cyberattacks

3 min read
Photograph of miniature models of a Japanese woman in a kitchen with a cloud connecting to Internet of Things devices.
Illustration: iStockphoto

Starting today, Japan's National Institute of Information and Communications Technology (NICT) will begin testing the security of Internet-connected devices that belong to citizens and businesses. Without notifying owners, the agency will use default credentials to try to log in to possibly millions of gadgets across the country as part of a nationwide cybersecurity experiment due to end in 2022. 

The project will be conducted in cooperation with the country's major Internet Service Providers (ISPs). The aim is to root out Internet of Things (IoT) devices with weak security. Then, ISPs will warn owners that their devices are vulnerable to cyberattacks.

The government recognized poor IoT security as a threat to national security in a paper on cybersecurity [PDF] published in 2015. And with the 2020 Summer Olympics to be held in Tokyo, the eyes of the world will soon focus on Japan, placing the country's ability to hold a trouble-free Olympics under international scrutiny. 

Consequently, the government has come up with the NICT IoT security-test project in an attempt to proactively address security concerns. The project is officially named the National Operation Towards IoT Clean Environment, or NOTICE, and was authorized by Japan’s Ministry of Internal Affairs and Communications.

Hiroyuki Sato, associate professor at the University of Tokyo’s Information Technology Center, says that while he understands the motivation for such testing, it is nevertheless being conducted without the public’s consent.

Sato points out that last year, the government had to revise an existing NICT regulation—the so-called NICT Law—in order to avoid the project conflicting with a general law prohibiting unauthorized computer access. "This indicates that this device testing still has several problems concerning civil rights,” he says. “I'm concerned this decision by the government is a hasty one."

He also says the government could have done a better job explaining to the public and the business sector how the collected data will strengthen security, or whether the data will be used for other purposes. 

"The explanation given so far is not sufficient," says Sato. "Which is an all-too-common way of Japanese governing. A more detailed account is necessary."

In an effort to reassure the public that NOTICE will not lead to the disclosure of private content, NICT issued a press release on 1 February explaining the "investigation is to check whether the password set in each IoT device is easily guessed (e.g. 123456, 00000000, etc.)." 

The announcement says there will be no intrusion into devices or acquisition of "information other than that required for the investigation. As for information obtained by the investigation, strict control measures will be taken in accordance with NICT's work implementation plan approved by the Minister for Internal Affairs and Communications."

Sato does not doubt the ability of NICT to properly carry out NOTICE. He says NICT has experience in conducting IT tests and surveys. He also believes such testing is indispensable for ISPs to understand the status of their network security. However, he does question how effective the practical results will turn out to be. Ordinary people, he says, won't know how to react when told their devices are vulnerable. 

"Most people don't know the account information of old devices and don't know how to patch for any security failings," he says. "So I expect effective results will be limited."

A better approach, he believes, would have involved ISPs carrying out less drastic testing in advance of the NOTICE tests. This would have better prepared the nation for NICT’s intrusive program, he says.

Going forward, Sato expects the ISPs to update their firmware to help strengthen network security. And he thinks device manufacturers will be strongly advised by the government to take responsibility for security when releasing new models. 

Meanwhile, the rest of the IT world will look on with keen interest to see how NOTICE proceeds and how users whose devices are targeted will react.

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less