¿¿ô¤ÎBluetoothÀ½Éʤ˱ƶÁ¤¹¤ëÀȼåÀ¡ÖBrakTooth¡×¤Î³µÇ°¼Â¾Ú¥Ä¡¼¥ë¤¬¸ø³«
¡ÖBrakTooth¡×¤Ï¡¢¥·¥ó¥¬¥Ý¡¼¥ë¹©²Ê¥Ç¥¶¥¤¥óÂç³Ø¤È¥·¥ó¥¬¥Ý¡¼¥ë²Ê³Øµ»½Ñ¸¦µæÄ£¡ÊA*STAR¡Ë¤Î¸¦µæ¥°¥ë¡¼¥×¤Ë¤è¤Ã¤Æ2021ǯ9·î¤ËÊó¹ð¤µ¤ì¤¿Bluetooth¤ÎÀȼåÀ¤ÎÁí¾Î¤Ç¤¢¤ë¡£BrakTooth¤Ë¤ÏÁ´Éô¤Ç16¸Ä¤ÎÀȼåÀ¤¬´Þ¤Þ¤ì¤Æ¤ª¤ê¡¢»ÔÈΤµ¤ì¤Æ¤¤¤ë1400°Ê¾å¤ÎÀ½Éʤ˱ƶÁ¤òµÚ¤Ü¤¹¤È¸À¤ï¤ì¤Æ¤¤¤ë¡£
ÊÆ¥³¥ó¥Ô¥å¡¼¥¿¶ÛµÞ»öÂÖÂкö¥Á¡¼¥à¡ÊUS-CERT: United States Computer Emergency Readiness Team¡Ë¤Ï11·î4Æü(Êƹñ»þ´Ö)¡¢¡ÖBrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities¡ÃCISA¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎBrakTooth¤Î³µÇ°¼Â¾Ú¡ÊPoC¡Ë¥Ä¡¼¥ë¤¬¸¦µæ¥°¥ë¡¼¥×¤Ë¤è¤Ã¤Æ¸ø³«¤µ¤ì¤¿¤ÈÅÁ¤¨¤¿¡£BrakTooth¤ò°ÍѤµ¤ì¤ë¤È¡¢¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ä¤«¤éǤ°Õ¤Î¥³¡¼¥É¼Â¹Ô¤Ê¤É¤Î¤µ¤Þ¤¶¤Þ¤Ê¹¶·â¤Ë¤µ¤é¤µ¤ì¤ë´í¸±À¤¬¤¢¤ë¤¿¤á¡¢ÁáµÞ¤Ë²óÈòºö¤ò¹Ö¤¸¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£
BrakTooth¤Ë´Ø¤¹¤ë¾ÜºÙ¤Ê¾ðÊó¤Ï¼¡¤Î¥Ú¡¼¥¸¤Ç¸ø³«¤µ¤ì¤Æ¤¤¤ë¡£
ASSET Research Group: BrakTooth
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
BrakTooth¤Ë¤è¤ë¹¶·â¤Ï¡¢¥«¥¹¥¿¥à¤µ¤ì¤¿LMP¥Õ¥¡¡¼¥à¥¦¥§¥¢¤òÈ÷¤¨¤¿ESP32³«È¯¥¥Ã¥È¤È¡¢PoC¥Ä¡¼¥ë¤ò¼Â¹Ô¤¹¤ë¤¿¤á¤ÎPC¤µ¤¨¤¢¤ì¤Ð¼Â¹Ô²Äǽ¤À¤È¤¤¤¦¡£PoC¥Ä¡¼¥ë¤Ï¥·¥ê¥¢¥ë¥Ý¡¼¥È¤ò²ð¤·¤ÆESP32¥Ü¡¼¥É¤ÈÄÌ¿®¤·¡¢»ØÄꤵ¤ì¤¿Bluetooth¥Ç¥Ð¥¤¥¹¤ËÂФ·¤Æ¹¶·â¤ò»Å³Ý¤±¤ë¤³¤È¤¬¤Ç¤¤ë¡£
BrakTooth¤òÍøÍѤ·¤¿¹¶·â¤Î¥¤¥á¡¼¥¸ ¡¡°úÍÑ:¸¦µæ¥°¥ë¡¼¥×¤Ë¤è¤ë¥ì¥Ý¡¼¥È
¼Â»Ü¤Ç¤¤ë¹¶·â¤ÎÎã¤È¤·¤Æ¤Ï¡¢IoT¥Ç¥Ð¥¤¥¹¤Ø¤ÎǤ°Õ¥³¡¼¥É¤Î¼Â¹Ô¡¢¥Î¡¼¥ÈPC¤ä¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤Î¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¡¢¥ª¡¼¥Ç¥£¥ªÀ½ÉʤΥե꡼¥º¤¬¾Ò²ð¤µ¤ì¤Æ¤¤¤ë¡£¹¶·â¤Ë»ÈÍѤ¹¤ë´Ä¶¤Ï15¥É¥ë̤Ëþ¤Ç¹½ÃۤǤ¤ë¤È¤¤¤¦¡£
¸¦µæ¥°¥ë¡¼¥×¤Ç¤Ï¡¢¥Ù¥ó¥À¡¼¤Ë¤è¤ëÂбþ¤Î¤¿¤á¤Îͱͽ´ü´Ö¤òÀߤ±¤¿¾å¤Ç¡¢2021ǯ10·îËöº¢¤ËÀȼåÀ¤Î¸¡¾Ú¤ËÍøÍѲÄǽ¤ÊPoC¥Ä¡¼¥ë¤ò¸ø³«¤¹¤ëͽÄê¤È¥¢¥Ê¥¦¥ó¥¹¤·¤Æ¤¤¤¿¡£¤³¤ì¤Ï¡¢¥Ù¥ó¥À¡¼¤äBluetoothÀ½Éʤγ«È¯¼Ô¤¬¼«Ê¬¤ÎÀ½Éʤò¸¡¾Ú¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤ò¹Íθ¤·¤Æ¤Î¤³¤È¤À¡£PoC¥Ä¡¼¥ë¤ÏGitHub¥ê¥Ý¥¸¥È¥ê¤Ç¸ø³«¤µ¤ì¡¢¸½ºß¤Ïï¤Ç¤â¥À¥¦¥ó¥í¡¼¥É¤·¤ÆÍøÍѤǤ¤ë¾õÂ֤ˤʤäƤ¤¤ë¡£
ÊƹñÅÚ°ÂÁ´Êݾã¾Ê¥µ¥¤¥Ð¡¼¥»¥¥å¥ê¥Æ¥£¡¦¥¤¥ó¥Õ¥é¥¹¥È¥é¥¯¥Á¥ã¥»¥¥å¥ê¥Æ¥£Ä£(CISA: Cybersecurity and Infrastructure Security Agency)¤Ï¡¢BluetoothÀ½ÉʤΥ᡼¥«¡¼¤ä¥Ù¥ó¥À¡¼¡¢¤ª¤è¤Ó³«È¯¼Ô¤ËÂФ·¡¢BrakTooth¤Î¾ÜºÙ¥ì¥Ý¡¼¥È¤ò³Îǧ¤·¤¿¾å¤ÇÀȼå¤äSoC¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò¹¹¿·¤¹¤ë¤«¡¢¤Þ¤¿¤ÏŬÀڤʲóÈòºö¤ò¼Â»Ü¤¹¤ë¤è¤¦¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡£
ÊÆ¥³¥ó¥Ô¥å¡¼¥¿¶ÛµÞ»öÂÖÂкö¥Á¡¼¥à¡ÊUS-CERT: United States Computer Emergency Readiness Team¡Ë¤Ï11·î4Æü(Êƹñ»þ´Ö)¡¢¡ÖBrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities¡ÃCISA¡×¤Ë¤ª¤¤¤Æ¡¢¤³¤ÎBrakTooth¤Î³µÇ°¼Â¾Ú¡ÊPoC¡Ë¥Ä¡¼¥ë¤¬¸¦µæ¥°¥ë¡¼¥×¤Ë¤è¤Ã¤Æ¸ø³«¤µ¤ì¤¿¤ÈÅÁ¤¨¤¿¡£BrakTooth¤ò°ÍѤµ¤ì¤ë¤È¡¢¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ä¤«¤éǤ°Õ¤Î¥³¡¼¥É¼Â¹Ô¤Ê¤É¤Î¤µ¤Þ¤¶¤Þ¤Ê¹¶·â¤Ë¤µ¤é¤µ¤ì¤ë´í¸±À¤¬¤¢¤ë¤¿¤á¡¢ÁáµÞ¤Ë²óÈòºö¤ò¹Ö¤¸¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£
ASSET Research Group: BrakTooth
BrakTooth¤Ë¤è¤ë¹¶·â¤Ï¡¢¥«¥¹¥¿¥à¤µ¤ì¤¿LMP¥Õ¥¡¡¼¥à¥¦¥§¥¢¤òÈ÷¤¨¤¿ESP32³«È¯¥¥Ã¥È¤È¡¢PoC¥Ä¡¼¥ë¤ò¼Â¹Ô¤¹¤ë¤¿¤á¤ÎPC¤µ¤¨¤¢¤ì¤Ð¼Â¹Ô²Äǽ¤À¤È¤¤¤¦¡£PoC¥Ä¡¼¥ë¤Ï¥·¥ê¥¢¥ë¥Ý¡¼¥È¤ò²ð¤·¤ÆESP32¥Ü¡¼¥É¤ÈÄÌ¿®¤·¡¢»ØÄꤵ¤ì¤¿Bluetooth¥Ç¥Ð¥¤¥¹¤ËÂФ·¤Æ¹¶·â¤ò»Å³Ý¤±¤ë¤³¤È¤¬¤Ç¤¤ë¡£
¼Â»Ü¤Ç¤¤ë¹¶·â¤ÎÎã¤È¤·¤Æ¤Ï¡¢IoT¥Ç¥Ð¥¤¥¹¤Ø¤ÎǤ°Õ¥³¡¼¥É¤Î¼Â¹Ô¡¢¥Î¡¼¥ÈPC¤ä¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤Î¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¡¢¥ª¡¼¥Ç¥£¥ªÀ½ÉʤΥե꡼¥º¤¬¾Ò²ð¤µ¤ì¤Æ¤¤¤ë¡£¹¶·â¤Ë»ÈÍѤ¹¤ë´Ä¶¤Ï15¥É¥ë̤Ëþ¤Ç¹½ÃۤǤ¤ë¤È¤¤¤¦¡£
¸¦µæ¥°¥ë¡¼¥×¤Ç¤Ï¡¢¥Ù¥ó¥À¡¼¤Ë¤è¤ëÂбþ¤Î¤¿¤á¤Îͱͽ´ü´Ö¤òÀߤ±¤¿¾å¤Ç¡¢2021ǯ10·îËöº¢¤ËÀȼåÀ¤Î¸¡¾Ú¤ËÍøÍѲÄǽ¤ÊPoC¥Ä¡¼¥ë¤ò¸ø³«¤¹¤ëͽÄê¤È¥¢¥Ê¥¦¥ó¥¹¤·¤Æ¤¤¤¿¡£¤³¤ì¤Ï¡¢¥Ù¥ó¥À¡¼¤äBluetoothÀ½Éʤγ«È¯¼Ô¤¬¼«Ê¬¤ÎÀ½Éʤò¸¡¾Ú¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤ò¹Íθ¤·¤Æ¤Î¤³¤È¤À¡£PoC¥Ä¡¼¥ë¤ÏGitHub¥ê¥Ý¥¸¥È¥ê¤Ç¸ø³«¤µ¤ì¡¢¸½ºß¤Ïï¤Ç¤â¥À¥¦¥ó¥í¡¼¥É¤·¤ÆÍøÍѤǤ¤ë¾õÂ֤ˤʤäƤ¤¤ë¡£
ÊƹñÅÚ°ÂÁ´Êݾã¾Ê¥µ¥¤¥Ð¡¼¥»¥¥å¥ê¥Æ¥£¡¦¥¤¥ó¥Õ¥é¥¹¥È¥é¥¯¥Á¥ã¥»¥¥å¥ê¥Æ¥£Ä£(CISA: Cybersecurity and Infrastructure Security Agency)¤Ï¡¢BluetoothÀ½ÉʤΥ᡼¥«¡¼¤ä¥Ù¥ó¥À¡¼¡¢¤ª¤è¤Ó³«È¯¼Ô¤ËÂФ·¡¢BrakTooth¤Î¾ÜºÙ¥ì¥Ý¡¼¥È¤ò³Îǧ¤·¤¿¾å¤ÇÀȼå¤äSoC¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò¹¹¿·¤¹¤ë¤«¡¢¤Þ¤¿¤ÏŬÀڤʲóÈòºö¤ò¼Â»Ü¤¹¤ë¤è¤¦¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡£
