Starting next month, the Japanese government is going to try its hand at credential stuffing the country’s Internet of Things (IoT), including gizmos from the enterprise network level down to citizens’ “oops, never changed the default password!” webcams and everything in between.
Credential stuffing is when attackers grab login credentials that have been breached, then e-wander around plugging them into other places, trying to find out where else those same credentials have been used. Because a lot of users have the bad habit of reusing the same passwords across several websites, the tactic is successful far too often.
According to NHK, Japan’s national public broadcasting organization, the government approved of the first-of-its-kind venture on Friday. The plan: in mid-February, staff at the National Institute of Information and Communications Technology (NICT) will generate user IDs and passwords and use them to try to break into a randomly selected batch of about 200 million IoT devices, such as routers and webcams. Then, the owners of the breached devices will be told to bolster their cybersecurity.