What are the legal grounds for this survey?
Based on the "National Institute of Information and Communications Technology Act (NICT Act)" as revised in May 2018, the NICT is identifying Internet of Things (IoT) devices which are vulnerable to being maliciously used for cyberattacks by entering easily guessed passwords. Based on the NICT Act, NICT has created an implementation plan for this survey, and has obtained approval for the plan from the Minister for Internal Affairs and Communications.
How will the survey be conducted?
NICT will check* whether IoT devices accept entry of IDs/passwords from outside via the Internet using global IP addresses (IPv4) allocated to Japan**. Then NICT will enter easily guessed IDs/passwords to these IoT devices, thereby identifying devices vulnerable to being maliciously used for cyberattacks.
*Referred to as a “port scan”.
**Approximately 200 million exist.
Devices that can be controlled without using a password may also be identified as devices vulnerable to being maliciously used for cyberattacks.
The survey is carried out automatically using a computer program.
Approximately 100 combinations of IDs/passwords are described in the NICT's implementation plan.
[Examples of entered IDs/passwords]
Used for cyberattacks in the past (ID / Password):
- admin / admin
- admin1 / password
- root / user
- root / default
- supervisor / supervisor
The same alphanumeric characters used (ID / Password):
- admin / 111111
- root / 123456
- root / 666666
- root / 54321
- 888888 / 888888
What kind of devices are covered under the survey?
The survey covers IoT devices that can be accessed via the Internet using global IP addresses (IPv4), for example routers, web cameras, and sensors.
Are PCs and smartphones covered under the survey?
With certain exceptions, smartphones using a mobile network and PCs using a wireless LAN router, etc., are generally not covered by this survey.
Is there a way to check whether my device is being accessed because of this survey?
For this survey, we are using the following IP addresses. It is possible to confirm whether the source IP address relates to these addresses.
IP addresses used in the survey
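One way to run this check over a device or firewall log, as an added example that is not part of the original page or NICT's own tooling: it separates login attempts whose source address falls inside the survey ranges from attempts by any other source. The networks below are placeholders (RFC 5737 documentation ranges), and the log format and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# ASSUMPTION: placeholder ranges (RFC 5737 documentation networks). Replace them
# with the addresses NICT publishes under "IP addresses used in the survey".
SURVEY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]

# Constructed sample log lines in a hypothetical syslog-like format.
SAMPLE_LOG = """\
2019-03-01T10:15:02+09:00 cam01 telnetd[311]: login attempt from 192.0.2.5 port 23 user=admin
2019-03-01T10:15:04+09:00 cam01 telnetd[311]: login attempt from 192.0.2.5 port 23 user=root
2019-03-01T11:40:51+09:00 cam01 sshd[402]: login attempt from 203.0.113.77 port 22 user=root
2019-03-01T11:40:53+09:00 cam01 sshd[402]: login attempt from 203.0.113.77 port 22 user=supervisor
2019-03-01T12:01:10+09:00 cam01 sshd[402]: login attempt from 198.51.100.7 port 22 user=admin1
2019-03-01T12:05:33+09:00 cam01 sshd[402]: login attempt from 192.0.2.200 port 22 user=root
2019-03-01T12:06:00+09:00 cam01 kernel: link up eth0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ \S+: login attempt from (?P<src>\S+) port (?P<port>\d+) user=(?P<user>\S+)$"
)

def is_survey_source(addr):
    """True if addr falls inside one of the configured survey networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address: never attribute it to the survey
    return any(ip in net for net in SURVEY_NETWORKS)

def triage(log_text):
    """Count login attempts per source, split into survey and other sources."""
    survey, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login-attempt line
        bucket = survey if is_survey_source(m["src"]) else other
        bucket[m["src"]] += 1
    return dict(survey), dict(other)

if __name__ == "__main__":
    survey, other = triage(SAMPLE_LOG)
    print("survey sources:", survey)
    print("other sources (investigate):", other)
```

Attempts in the second group did not come from the survey and should be treated as unsolicited login attempts against the device.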
Isn’t this kind of survey a form of unauthorized access?
A port scan is not a forbidden activity under the "Act on Prohibition of Unauthorized Computer Access".
The identification of IoT devices by entering easily guessed IDs/passwords, based on the NICT's implementation plan, is excluded from the scope of unauthorized access prohibited under the "Act on Prohibition of Unauthorized Computer Access" according to the NICT Act* as revised in May 2018.
*Stipulated according to Article 8 paragraph 7 of the supplementary provisions of the NICT Act.
Doesn’t this survey violate the secrecy of communications?
This survey by NICT is to confirm whether any devices can be maliciously used for cyberattacks by entering easily guessed IDs/passwords.
The content of communications between the device and third parties is NOT gathered, used or leaked. Therefore, it does not violate the secrecy of communications.
What kind of information is obtained and recorded from the survey?
In a port scan, we acquire banner information to identify the model name (such as messages notifying service types and versions, which are published via the device) and record it with the IP address, time stamp, and port number.
In identifying IoT devices by entering IDs/passwords, we acquire information to identify the model name and record it alongside the IP address, time stamp, port number, ID, and password.
The survey is carried out automatically using a computer program.
How will the security management of recorded information be handled?
At NICT, we apply security measures of the same strictness as measures required for highly confidential information handled by the government. For example, the following measures are taken.
- When entering or leaving sections which handle information, multi-factor authentication, including biometric authentication, is required.
- Intrusion-detection systems and firewalls are used to make it impossible to directly connect to servers handling information from the outside.
- Only a limited number of employees are granted access.
- Logs are monitored.
What happens if the rules described above are violated?
Leaking of information, etc., by NICT employees would constitute a violation of the duty of confidentiality under article 12 of the NICT Act and would be subject to punishment.
Additionally, if the survey was conducted beyond the scope determined in the implementation plan, this would be a violation of the Act on Prohibition of Unauthorized Computer Access and subject to punishment.
How are users identified?
The Internet service provider (ISP) identifies users of the target devices based on information (IP address and time stamp) provided by NICT.
What methods are used to alert users?
The ISP* alerts (notifies) its users by e-mail or post, etc. If you are notified by anyone other than your contracted ISP, please be cautious as you may be a victim of fraud.
If you receive a suspicious notification, contact the NOTICE Support Center** or your contracted ISP.
*Check here for a list of ISPs participating in NOTICE. (This page is in Japanese only)
**The NOTICE Support Center does not receive any personal information (such as user names) from ISPs.
What should I do if I am alerted?
Refer to the configuration manual of the IoT device you are using that corresponds to the alert, and then change the settings to a complex password that will not be easily guessed by a third party, and update your firmware.
Additionally, the device for which you received the alert may already be infected by malware. Most malware infecting IoT devices, such as Mirai, can be removed by turning off the power. Therefore, please restart the IoT device with the above setting changes.
How will the results obtained from this initiative be published?
Results up to September 2019 have been published on the Ministry of Internal Affairs and Communications (MIC) website.
https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00043.html (This page is in Japanese only)
We plan to continue publishing the implementation status of this initiative.
How will you publicize the fact that you are conducting this initiative?
The implementation of this initiative shall be publicized via press releases from the MIC and ISPs participating in this initiative. It was also publicized through posters at transportation facilities and electrical-appliance stores as well as in newspaper advertisements.
This page provides answers to questions related to NOTICE.
These questions shall be updated as necessary.
NOTICE Support Center (Only Japanese is supported)
0120-769-318 (Free･Landline only)
03-4346-3318 (Charges apply)
Reception time 10:00~18:00
(Except for the year-end and New Year holidays)