Department of Electrical and Electronic Engineering, Graduate School of Engineering

Department of Electrical and Electronic Engineering, Faculty of Engineering

Products

• Developing and operating cram schools business management service named `Juksl`

• In charge of front-end (Next.js/TypeScript) and back-end(Golang) development.

• Implemented the transition from monolithic to microservices, as the service is extended.

• Increased processing speed by approximately 17% by improving business logic algorithms.

• Implemented the function that generate and update some of the code automatically to implementation operational efficiency.

• Built an access log analysis tool for a payment service in actual operation.

• The construction environment was built on AWS.

• Learned about Sony's SDL (Security Development Lifecycle). Specifically, I learned about recurrence prevention activities, risk assessment, and security testing through practice.

• Implemented a fuzzing tool for Bluetooth BR/EDR in C. Using libbluetooth-dev library, fuzzing for 5 protocols including L2CAP is enabled.

• Implemented a receipt parser for mail order services that are actually in operation in Golang.

• Created k8s manifests using Kustomize, and deployed and released the services to the production environment.

• Analyzed the Nginx access logs using alp command.

• Performed web performance tuning (solving the N+1 problem, optimizing SQL, and reducing the number of system calls) and managed to improve processing speed by approximately 20 times.

• Analyzed malware and ransomware.

• Got the 1st score in CTF contest among the interns.

• Developed e-learning system in PHP as a part of the “サイバーセキュリティお助け隊サービス(Cyber Security Help Team Service)” sponsored by the Osaka Chamber of Commerce and Industry.

Products

• Developed game-style cyber security education application named `SUGOSEKU` in JavaScript.

• Analyzed data of cyber security awareness from the collected data using R language.

Non Peer-Reviewed Paper

IEICE Technical Report, vol. 124, no. 422, ICSS2024-102, pp. 257-264

Non Peer-Reviewed Paper

pp.1-8, 2025-01-21

Peer-Reviewed Journal Paper

pp. 1066--1081, 2024-12-15

Non Peer-Reviewed Paper (Award Paper)

Vol.2024-CSEC-106 No.82, 2024-07-15

Preprint Paper

2024-06-06

Peer-Reviewed International Conference Paper

pp.11-19, 2023-11-28

Non Peer-Reviewed Paper (Award Paper)

pp.103-109, 2023-11-02

Non Peer-Reviewed Paper

pp.1136-1142, 2023-10-23

Non Peer-Reviewed Paper

pp.393-399, 2022-10-27

Non Peer-Reviewed Paper

pp.33-40, 2022-08-30

We discovered a new vulnerability (CWE-287 related) in the Bluetooth authentication process of WH-1000XM5 in August 2024. We reported the new vulnerability to Sony via HackerOne.

Sony acknowledged the vulnerability in November 2024.

Sony released firmware with the applied patch as v2.4.1 in February 2025.

In March 2025, acknowledgments were published in both English and Japanese.

This vulnerability was discovered using our attack tool, Breaktooth, that we developed.

We made a conference presentation that included an explanation of this vulnerability at ICSS2025@Okinawa.

Our contributions have been selected as Sony's Hacker of the Month for March 2025 on HackerOne

I would like to express my gratitude to Associate Professor Hiroki Kuzuno, Professor Yoshiaki Shiraishi, and Professor Masakatu Morii (ES3 Lab, Kobe University) for their cooperation in investigating the vulnerability.

Below is a demonstration of the MITP attack:

Below is a demonstration of the Breaktooth attack:

Title: Security Accessments and Defenses for Communication Systems

Listening : 420, Reading : 405