Charlie Miller

Charlie Miller Hacker

Born: May 6, 1973, St Louis, Missouri

Known as one of the “cheekiest [and] charismatic guys around,” Charlie Miller was born and raised in St. Louis, MO. As an undergraduate he went to Truman State University and gained a Ph.D. in mathematics from the University of Notre Dame. He then worked for five years as a “hacker” for the National Security Agency (NSA).

At the 2007 Black Hat security conference in Las Vegas Miller became the first security expert to hijack the iPhone via vulnerabilities he discovered in the mobile web Safari browser.

In 2008 at the Pwn2Own contest at the CanSecWest Conference in Vancouver, in a challenge between three operating systems OS X, Vista and Linux, Miller pwned a Macbook via a weakness in Safari. He completed the exploit in under 2 minutes and proved that the supposedly impenetrable Apple operating system was anything but. For his hacking feats he won a $10,000 prize.

In 2009 Miller beat his earlier time by cracking another Mac computer, this time in under 10 seconds. Just as with earlier hijacks, the exploit involved having someone click a URL that infected his computer with malware giving Miller access to the system. This time Miller won $5,000 and the computer he hacked as a prize.

In subsequent years he continued to exploit Apple security vulnerabilities targeting the iOS system including sneaking an app into the Apple store in 2011 called “Instastock” that could download remote, (a massive no-no in the stringent world of iOS app submission approval) malicious code , which among other things could steal a users photos or read his or her contacts unknown to them. Upon Miller informing Apple of his app they immediately removed the app from the store.

Miller’s most famous exploit took place when he along with his colleague Chris Valasek demonstrated that he could hack into a 2014 Jeep Cherokee remotely via the car’s internet-connected entertainment system and take complete control of the car from blasting Skee-lo on the radio, turning the A/C and vents up to their maximum settings and ultimately to taking control of the brakes, all while Wired reporter, Andy Greenberg, was driving the car.

Video of the “Wired” 2014 Jeep Hack with Andy Greenberg:

In 2016 after Jeep had led a massive recall of 1.4 million Jeeps to fix the vulnerability Miller and Valasek had exposed the duo hacked into the car AGAIN and took even further control of it.

Miller’s “day jobs” have taken him through roles at several major companies. In 2012 he began working at Twitter as a Penetration Tester as part of it’s product security team. In 2015 he went to work at Uber leading the cyber security team for it’s self driving cars at Uber’s Advanced Technologies Center. What followed were stints at China’s Didi tech transportation company and General Motor’s Cruise automation where he is currently the Principal Autonomous Vehicle Security Architect (this profile was written in December 2019).

Miller has published several books including iOS Hacker’s Handbook, The Mac Hacker’s Handbook, and Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy)

Interesting Facts

  • Miller tweets under the handle 0xcharlie.
  • He won the “Super Bowl” of hacking contests, the Pwn2Own competition, four times.
  • After graduate school Miller sent in “many” job applications to NASA–all were ignored.
  • He was also known as the first hacker to exploit both the iOS and first Android phone.

Sources Used For This Article

Leave a Reply

Your email address will not be published. Required fields are marked *