8 votes

New Japanese Law Lets Government Hack IOT Devices and Warn Owners They're Vulnerable

3 comments

  1. [3]
    writingsolo
    Link
    What are your thoughts about the government playing this role? I think the article clearly outlines why the government is stepping in - neither the buyer nor the seller care enough. So then my...

    What are your thoughts about the government playing this role?

    I think the article clearly outlines why the government is stepping in - neither the buyer nor the seller care enough. So then my question, since I don't fully understand it myself, is why does it matter if nobody cares? The article likened it to pollution - how is it like pollution?

    5 votes
    1. Deimos
      Link Parent
      There are a lot of problems, but a major one is that these insecure devices get hacked, and then used to attack sites/services/people through massive DDoS attacks. For example, two years ago,...

      So then my question, since I don't fully understand it myself, is why does it matter if nobody cares?

      There are a lot of problems, but a major one is that these insecure devices get hacked, and then used to attack sites/services/people through massive DDoS attacks. For example, two years ago, Brian Krebs's site was hit by an incredibly massive DDoS made up almost entirely of compromised IoT devices, and it was only using a tiny portion (about 4%) of the devices they had access to.

      By the time of the first Mirai attack on this site, the young masterminds behind Mirai had already enslaved more than 600,000 IoT devices for their DDoS armies. [...] The attack army sold to this ne’er-do-well harnessed the power of just 24,000 Mirai-infected systems (mostly security cameras and DVRs, but some routers, too).

      So the parallel with "pollution" is that it hurts the world overall and has a lot of negative externalities, even if there isn't much individual impact to the person that owns the device.

      4 votes
    2. msh
      Link Parent
      There's a really interesting post linked in the article: Security and the Internet of Things, by Bruce Schneier. In the introduction he talks about a DDoS attack that used these IoT devices to...

      There's a really interesting post linked in the article: Security and the Internet of Things, by Bruce Schneier. In the introduction he talks about a DDoS attack that used these IoT devices to knock off Twitter and other sites. The pollution is all the internet connected gadgets that are forgotten or no longer updated, used in these kind of attacks.

      3 votes