Charlie Miller

Early Life and Career

Miller began his career working as an analyst for the National Security Agency (NSA) for five years, where he focused on intelligence analysis and exploit development. This experience provided him with a foundational understanding of sophisticated attack techniques and defensive measures. After leaving the NSA, Miller transitioned into the private sector, applying his expertise to commercial cybersecurity research.

Notable Contributions and Research

Mobile Device Security

Miller gained considerable notoriety for his pioneering work in mobile device security, particularly with Apple's iPhone.

• iPhone Exploits: In 2007, he was among the first to publicly demonstrate a critical vulnerability in the original iPhone that allowed arbitrary code execution. He subsequently won the first iPhone Pwn2Own competition in 2008 by exploiting Safari on the iPhone.
• Android Exploits: He also conducted extensive research into Android security, identifying and demonstrating significant vulnerabilities in various Android devices and the platform itself.

Web Browser and Operating System Exploits

A multi-time winner of the prestigious Pwn2Own hacking competition, Miller demonstrated exploits against a wide range of web browsers and operating systems, including:

• Safari: Exploited Safari on both macOS and iOS.
• Internet Explorer: Successfully exploited vulnerabilities in Microsoft's browser.
• Firefox and Chrome: Demonstrated exploits against these popular browsers as well. His consistent success at Pwn2Own highlighted the persistent vulnerabilities in widely used software and operating systems.

Automotive Cybersecurity (Car Hacking)

One of Miller's most impactful and widely publicized research efforts involved automotive cybersecurity.

• Jeep Cherokee Hack (with Chris Valasek): In 2015, working with fellow security researcher Chris Valasek, Miller famously demonstrated the ability to remotely hack a 2014 Jeep Cherokee. They were able to manipulate various vehicle functions, including turning off the engine, engaging the brakes, and controlling the infotainment system, from miles away using the vehicle's Uconnect system. This groundbreaking research led to a recall of 1.4 million vehicles by Fiat Chrysler Automobiles (FCA) and significantly raised public and industry awareness about the critical importance of automotive cybersecurity.

Professional Affiliations

Throughout his career, Miller has held prominent roles at several technology companies:

• Apple: Worked as a security engineer.
• Twitter: Served as a security architect.
• Uber: Joined Uber's Advanced Technologies Group, focusing on the security of self-driving cars.
• Cruise Automation: Worked on security for autonomous vehicles.
• GRIMM: Co-founded GRIMM, a cybersecurity consultancy and research firm, continuing his work in vulnerability research and penetration testing.

Philosophy and Impact

Charlie Miller is a proponent of responsible disclosure, believing that identifying and publicly demonstrating vulnerabilities (after giving vendors time to patch) is crucial for improving overall security. His work has significantly influenced the cybersecurity landscape by:

• Pushing technology companies to invest more in securing their products.
• Educating the public about the real-world implications of software vulnerabilities.
• Pioneering research in emerging areas like automotive cybersecurity, establishing new benchmarks for security testing in critical infrastructure.