Charlie Miller (security researcher): Difference between revisions

Charlie Miller
Charlie Miller
	Miller speaking at Truman State University
Nationality	American
Alma mater	Northeast Missouri State, University of Notre Dame
Known for	Pwn2Own contest winner
	Scientific career
Fields	Computer science
Thesis	New Types of Soliton Solutions in Nonlinear Evolution Equations (2000)
Doctoral advisor	Mark S. Alber

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Inline

Latest revision as of 03:07, 8 March 2023

Charles Alfred Miller is an American computer security researcher with Cruise Automation.^[1]^[2] Prior to his current employment, he spent five years working for the National Security Agency and has worked for Uber.^[3]

Education

Miller holds a bachelor's degree in mathematics with a minor in philosophy from the then called Northeast Missouri State, and a Ph.D. in mathematics from the University of Notre Dame in 2000. He lives in Wildwood, Missouri.^[1]

Security research

As of 2007^[update] Miller was a lead analyst at Independent Security Evaluators, a computer protection consultancy.^[4] He has publicly demonstrated many security exploits of Apple products. In 2008, he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver, British Columbia, Canada for being the first to find a critical bug in the MacBook Air.^[5]^[6] In 2009, he won $5,000 for cracking Apple's Safari browser.^[7] Also in 2009, he and Collin Mulliner demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011, he found a security hole in the iPhone and iPad, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using iOS applications functions for malicious purposes. As a proof of concept, Miller created an application called Instastock that was approved by Apple's App Store. He then informed Apple about the security hole, who promptly expelled him from the App Store.^[8]

Miller participated in research on discovering security vulnerabilities in NFC (Near Field Communication).^[9]

Miller, along with Chris Valasek, is known for remotely hacking a 2014 Jeep Cherokee and controlling the braking, steering, and acceleration of the vehicle.^[10]

Publications

iOS Hacker Handbook^[11]
The Mac Hacker's Handbook^[12]
Fuzzing for Software Security Testing and Quality Assurance^[13]
Battery firmware hacking: inside the innards of a smart battery^[14]

References

^ ^a ^b "Wildwood man is renowned for hacking, cybersecurity skills". St. Louis Post-Dispatch. STLtoday.com. June 18, 2012. Retrieved June 18, 2012.
^ Menn, Joseph (24 August 2015). "Security researcher who hacked moving Jeep leaves Twitter". Reuters. Archived from the original on 24 September 2015. Retrieved 24 August 2015.
^ O'Harrow Jr, Robert (June 2, 2012). "Understanding cyberspace is key to defending against digital attacks". The Washington Post. Retrieved June 18, 2012.
^ "We hacked into Apple's iPhone, claim security researchers". The Guardian. 24 July 2007. Retrieved 2021-01-07.
^ "MacBook Air first to fall in hacking contest vs Vista and Linux". The Guardian. 28 March 2008. Retrieved 2021-01-07.
^ "Gone in 2 minutes: Mac gets hacked first in contest". Macworld. 28 March 2008. Retrieved 2021-01-07.
^ Schofield, Jack (18 March 2009). "Pwn2Own 2009: Mac falls in seconds". The Guardian. Retrieved 2021-01-07.
^ Lowensohn, Josh. "Apple boots security guru who exposed iPhone exploit". CNET. Retrieved 2021-01-07.
^ Greenberg, Andy (2012-07-25). "DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them". Forbes. Retrieved 2018-05-08.
^ Greenberg, Andy (2015-07-21). "Hackers Remotely Kill a Jeep on the Highway—With Me in It". Wired. Retrieved 2018-05-08.
^ Miller, Charlie. (2012). IOS Hacker's Handbook. Blazakis, Dion., DaiZovi, Dino., Esser, Stefan., Iozzo, Vincenzo., Weinmann, Ralf-Philip. New York: Wiley. ISBN 978-1-118-24075-5. OCLC 815648715.
^ Miller, Charles, 1951- (2009). The Mac hacker's handbook. Dai Zovi, Dino. Indianapolis, IN: Wiley. ISBN 978-0-470-48147-9. OCLC 320957610.{{cite book}}: CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)
^ Takanen, Ari. (2008). Fuzzing for software security testing and quality assurance. Demott, Jared D., Miller, Charles, 1951-. Boston: Artech House. ISBN 978-1-59693-215-9. OCLC 568023386.
^ Miller, Charlie (2011-07-12). "Battery Firmware Hacking: Inside the innards of a Smart Battery" (PDF). BlackHat.

External links

Andy Greenberg (2010-04-12). "The Mac Hacker Strikes Again". Forbes.com.
Nick Barber, Robert McMillan (2008-03-28). "Apple Mac Hacked in Two Minutes at CanSecWest". YouTube.
Brian Krebs (2008-10-08). "The Internet's Top 10 Most Controversial Figures of 2008". Popular Mechanics. Archived from the original on 2008-10-11. Retrieved 2008-10-16.
Elinor Mills (2009-08-27). "Researchers who hack the Mac OS". CNET.
Alan Dang (2009-03-25). "Behind Pwn2Own: Exclusive Interview With Charlie Miller". Tom's Hardware.
"Charlie Miller". Hackers, Crackers And Thieves. 2019-12-11.

[Post-Dispatch-1] "Wildwood man is renowned for hacking, cybersecurity skills". St. Louis Post-Dispatch. STLtoday.com. June 18, 2012. Retrieved June 18, 2012.

[2] Menn, Joseph (24 August 2015). "Security researcher who hacked moving Jeep leaves Twitter". Reuters. Archived from the original on 24 September 2015. Retrieved 24 August 2015.

[3] O'Harrow Jr, Robert (June 2, 2012). "Understanding cyberspace is key to defending against digital attacks". The Washington Post. Retrieved June 18, 2012.

[4] "We hacked into Apple's iPhone, claim security researchers". The Guardian. 24 July 2007. Retrieved 2021-01-07.

[5] "MacBook Air first to fall in hacking contest vs Vista and Linux". The Guardian. 28 March 2008. Retrieved 2021-01-07.

[6] "Gone in 2 minutes: Mac gets hacked first in contest". Macworld. 28 March 2008. Retrieved 2021-01-07.

[theguardian-schofield-2009-7] Schofield, Jack (18 March 2009). "Pwn2Own 2009: Mac falls in seconds". The Guardian. Retrieved 2021-01-07.

[8] Lowensohn, Josh. "Apple boots security guru who exposed iPhone exploit". CNET. Retrieved 2021-01-07.

[9] Greenberg, Andy (2012-07-25). "DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them". Forbes. Retrieved 2018-05-08.

[10] Greenberg, Andy (2015-07-21). "Hackers Remotely Kill a Jeep on the Highway—With Me in It". Wired. Retrieved 2018-05-08.

[11] Miller, Charlie. (2012). IOS Hacker's Handbook. Blazakis, Dion., DaiZovi, Dino., Esser, Stefan., Iozzo, Vincenzo., Weinmann, Ralf-Philip. New York: Wiley. ISBN 978-1-118-24075-5. OCLC 815648715.

[12] Miller, Charles, 1951- (2009). The Mac hacker's handbook. Dai Zovi, Dino. Indianapolis, IN: Wiley. ISBN 978-0-470-48147-9. OCLC 320957610.{{cite book}}: CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)

[13] Takanen, Ari. (2008). Fuzzing for software security testing and quality assurance. Demott, Jared D., Miller, Charles, 1951-. Boston: Artech House. ISBN 978-1-59693-215-9. OCLC 568023386.

[14] Miller, Charlie (2011-07-12). "Battery Firmware Hacking: Inside the innards of a Smart Battery" (PDF). BlackHat.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

@@ Line 1: / Line 1: @@
+{{Short description|American computer security researcher}}
 {{other people|Charles Miller}}
 {{Infobox scientist
 | name = Charlie Miller
 | image = CharlieMillerHolmanSpeaker2015-20.jpg
-| caption = Charlie Miler speaking at Truman State University
+| caption = Miller speaking at Truman State University
 | birth_date = <!-- {{birth date and age|1973|05|06}} -->
 | birth_place =
-| nationality = [[United States]]
+| nationality = American
 | alma_mater = [[Truman State University|Northeast Missouri State]], [[University of Notre Dame]]
-| fields = [[Computer science|Computer Science]]
+| fields = [[Computer science]]
 | doctoral_advisor = Mark S. Alber
 | thesis_title = New Types of Soliton Solutions in Nonlinear Evolution Equations
@@ Line 15: / Line 16: @@
 }}
-'''Charles Alfred Miller''' is an American [[computer security]] researcher with [[Cruise Automation]].<ref name="Post-Dispatch">{{cite news|url=http://www.stltoday.com/news/local/metro/wildwood-man-is-renowned-for-hacking-cybersecurity-skills/article_6483524f-608b-5bcb-b27d-546886698dfb.html|title=Wildwood man is renowned for hacking, cybersecurity skills|date=June 18, 2012|work=[[St. Louis Post-Dispatch]]|publisher=STLtoday.com|accessdate=June 18, 2012}}</ref><ref>{{cite web|last1=Menn|first1=Joseph|title=Security researcher who hacked moving Jeep leaves Twitter|url=https://www.reuters.com/article/2015/08/24/us-twitter-miller-idUSKCN0QT2FJ20150824?feedType=RSS&feedName=technologyNews|website=Reuters|accessdate=24 August 2015}}</ref><ref>{{Cite news|url=https://twitter.com/0xcharlie/status/839529219969466370|title=Charlie Miller on Twitter|work=Twitter|access-date=2017-03-20|language=en}}</ref> Prior to his current employment, he spent five years working for the [[National Security Agency]] and has worked for [[Uber (company)|Uber]].<ref>{{cite news|url=https://twitter.com/0xcharlie/status/637354079132385280|title=Charlie Miller joins Uber Advanced Technology Center|date=August 28, 2015|work=[[Twitter]]}}</ref><ref>{{cite news|url=https://www.washingtonpost.com/investigations/understanding-cyberspace-is-key-to-defending-against-digital-attacks/2012/06/02/gJQAsIr19U_story.html|title=Understanding cyberspace is key to defending against digital attacks|date=June 2, 2012|work=[[The Washington Post]]|publisher=The Washington Post Company|accessdate=June 18, 2012|first=Robert|last=O'Harrow Jr}}</ref> Miller holds a Bachelors in Mathematics with a minor in Philosophy from [[Truman State University|Northeast Missouri State]] (now Truman State University), and a Ph.D. in Mathematics from the [[University of Notre Dame]] in 2000. He currently lives in [[Wildwood, Missouri]].<ref name="Post-Dispatch" />
+'''Charles Alfred Miller''' is an American [[computer security]] researcher with [[Cruise Automation]].<ref name="Post-Dispatch">{{cite news|url=http://www.stltoday.com/news/local/metro/wildwood-man-is-renowned-for-hacking-cybersecurity-skills/article_6483524f-608b-5bcb-b27d-546886698dfb.html|title=Wildwood man is renowned for hacking, cybersecurity skills|date=June 18, 2012|work=[[St. Louis Post-Dispatch]]|publisher=STLtoday.com|access-date=June 18, 2012}}</ref><ref>{{cite news|last1=Menn|first1=Joseph|title=Security researcher who hacked moving Jeep leaves Twitter|url=https://www.reuters.com/article/us-twitter-miller-idUSKCN0QT2FJ20150824?feedType=RSS&feedName=technologyNews|website=Reuters|date=24 August 2015 |access-date=24 August 2015|archive-date=24 September 2015|archive-url=https://web.archive.org/web/20150924222234/http://www.reuters.com/article/2015/08/24/us-twitter-miller-idUSKCN0QT2FJ20150824?feedType=RSS&feedName=technologyNews|url-status=live}}</ref> Prior to his current employment, he spent five years working for the [[National Security Agency]] and has worked for [[Uber]].<ref>{{cite news|url=https://www.washingtonpost.com/investigations/understanding-cyberspace-is-key-to-defending-against-digital-attacks/2012/06/02/gJQAsIr19U_story.html|title=Understanding cyberspace is key to defending against digital attacks|date=June 2, 2012|newspaper=[[The Washington Post]]|access-date=June 18, 2012|first=Robert|last=O'Harrow Jr}}</ref>
+== Education ==
-Miller has publicly demonstrated many security exploits of [[Apple Computer|Apple]] products. In 2008, he won a $10,000 cash prize at the hacker conference [[Pwn2Own]] in [[Vancouver|Vancouver, British Columbia]], Canada for being the first to find a critical bug in the [[MacBook Air]].{{citation needed|date=August 2014}} The following year, he won $5,000 for cracking [[Safari (web browser)|Safari]]. In 2009, he and Collin Mulliner demonstrated an [[Short Message Service|SMS]] processing vulnerability that allowed for complete compromise of the Apple [[iPhone]] and [[denial-of-service attack]]s on other phones. In 2011, he found a security hole in the iPhone and iPad, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using [[iOS]] applications functions for malicious purposes. As a proof of concept, Miller created an application called ''Instastock'' that was approved by Apple's [[App Store (iOS)|App Store]]. He then informed Apple about the security hole, who then promptly expelled him from the App Store.<ref>{{Cite web|url=http://apple.slashdot.org/story/11/11/07/2029219/charlie-miller-circumvents-code-signing-for-ios-apps|title=Charlie Miller Circumvents Code Signing For iOS Apps|last=|first=|date=2011-11-07|website=slashdot.org|language=en|access-date=2018-05-08}}</ref>
+Miller holds a bachelor's degree in [[mathematics]] with a minor in [[philosophy]] from the then called [[Truman State University|Northeast Missouri State]], and a Ph.D. in mathematics from the [[University of Notre Dame]] in 2000. He lives in [[Wildwood, Missouri]].<ref name="Post-Dispatch" />
+== Security research ==
-Miller participated in research on discovering security vulnerabilities in NFC (Near Field Communication).<ref>{{Cite news|url=https://www.forbes.com/sites/andygreenberg/2012/07/25/darpa-funded-researcher-can-take-over-android-and-nokia-phones-by-merely-waving-another-device-near-them/|title=DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them|last=Greenberg|first=Andy|date=2012-07-25|work=Forbes|access-date=2018-05-08|language=en}}</ref>
+{{as of|2007}} Miller was a lead analyst at Independent Security Evaluators, a computer protection consultancy.<ref>{{cite web|access-date=2021-01-07|title=We hacked into Apple's iPhone, claim security researchers|url=http://www.theguardian.com/world/2007/jul/24/usa.digitalmedia|date=24 July 2007|website=The Guardian}}</ref> He has publicly demonstrated many security exploits of [[Apple Computer|Apple]] products. In 2008, he won a $10,000 cash prize at the hacker conference [[Pwn2Own]] in [[Vancouver|Vancouver, British Columbia]], Canada for being the first to find a critical bug in the [[MacBook Air]].<ref>{{cite web|access-date=2021-01-07|title=MacBook Air first to fall in hacking contest vs Vista and Linux|url=http://www.theguardian.com/technology/blog/2008/mar/28/macbookairfirsttofallinh|date=28 March 2008|website=The Guardian}}</ref><ref>{{cite web|access-date=2021-01-07|title=Gone in 2 minutes: Mac gets hacked first in contest|url=https://www.macworld.com/article/1132733/hack.html|date=28 March 2008|website=Macworld}}</ref> In 2009, he won $5,000 for cracking Apple's [[Safari (web browser)|Safari]] browser.<ref name="theguardian-schofield-2009">{{cite web|first1=Jack|last1=Schofield|authorlink=Jack Schofield (journalist)|access-date=2021-01-07|title=Pwn2Own 2009: Mac falls in seconds|url=http://www.theguardian.com/technology/blog/2009/mar/18/apple-pwned-again|date=18 March 2009|website=The Guardian}}</ref> Also in 2009, he and Collin Mulliner demonstrated an [[Short Message Service|SMS]] processing vulnerability that allowed for complete compromise of the Apple [[iPhone]] and [[denial-of-service attack]]s on other phones. In 2011, he found a security hole in the iPhone and iPad, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using [[iOS]] applications functions for malicious purposes. As a proof of concept, Miller created an application called ''Instastock'' that was approved by Apple's [[App Store (iOS)|App Store]]. He then informed Apple about the security hole, who promptly expelled him from the App Store.<ref>{{cite web|first1=Josh|last1=Lowensohn|access-date=2021-01-07|title=Apple boots security guru who exposed iPhone exploit|url=https://www.cnet.com/news/apple-boots-security-guru-who-exposed-iphone-exploit/|website=CNET}}</ref>
+Miller participated in research on discovering security vulnerabilities in NFC ([[Near-field communication|Near Field Communication]]).<ref>{{Cite news|url=https://www.forbes.com/sites/andygreenberg/2012/07/25/darpa-funded-researcher-can-take-over-android-and-nokia-phones-by-merely-waving-another-device-near-them/|title=DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them|last=Greenberg|first=Andy|date=2012-07-25|work=Forbes|access-date=2018-05-08|language=en}}</ref>
-He has also published three books.<ref>{{Cite web|url=https://www.amazon.com/Charlie-Miller/e/B0085NZ1PS/ref=dp_byline_cont_book_1|title=Charlie Miller: Books, Biography, Blog, Audiobooks, Kindle|last=|first=|date=|website=www.amazon.com|access-date=2018-05-08}}</ref>
-Miller, along with [[Chris Valasek]], is widely known for remotely hacking a 2014 [[Jeep Cherokee]] and controlling the braking, steering, and acceleration of the vehicle.<ref>{{cite web|url=https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/|title=Hackers Remotely Kill a Jeep on the Highway—With Me in It|author=Greenberg|first=Andy|date=2015-07-21|website=|publisher=[[Wired (magazine)|Wired]]|access-date=2018-05-08}}</ref>
+Miller, along with [[Chris Valasek]], is known for remotely hacking a 2014 [[Jeep Cherokee]] and controlling the [[Brake|braking]], [[steering]], and [[acceleration]] of the vehicle.<ref>{{cite web|url=https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/|title=Hackers Remotely Kill a Jeep on the Highway—With Me in It|last=Greenberg|first=Andy|date=2015-07-21|website=|publisher=[[Wired (magazine)|Wired]]|access-date=2018-05-08}}</ref>
+== Publications ==
+* iOS Hacker Handbook<ref>{{Cite book|last=Miller, Charlie.|title=IOS Hacker's Handbook.|date=2012|publisher=Wiley|others=Blazakis, Dion., DaiZovi, Dino., Esser, Stefan., Iozzo, Vincenzo., Weinmann, Ralf-Philip.|isbn=978-1-118-24075-5|location=New York|oclc=815648715}}</ref>
+* The Mac Hacker's Handbook<ref>{{Cite book|last=Miller, Charles, 1951-|title=The Mac hacker's handbook|date=2009|publisher=Wiley|others=Dai Zovi, Dino.|isbn=978-0-470-48147-9|location=Indianapolis, IN|oclc=320957610}}</ref>
+* Fuzzing for Software Security Testing and Quality Assurance<ref>{{Cite book|last=Takanen, Ari.|title=Fuzzing for software security testing and quality assurance|date=2008|publisher=Artech House|others=Demott, Jared D., Miller, Charles, 1951-|isbn=978-1-59693-215-9|location=Boston|oclc=568023386}}</ref>
+*Battery firmware hacking: inside the innards of a smart battery<ref>{{Cite web|title=Battery Firmware Hacking: Inside the innards of a Smart Battery|url=https://media.blackhat.com/bh-us-11/Miller/BH_US_11_Miller_Battery_Firmware_Public_WP.pdf|last=Miller|first=Charlie|date=2011-07-12|website=BlackHat|access-date=}}</ref>
 ==References==
-{{reflist}}
+{{Reflist}}
 == External links ==
 * {{cite news|url=https://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html|title=The Mac Hacker Strikes Again|author=Andy Greenberg|date=2010-04-12|work=[[Forbes.com]]}}
-* {{cite web|url=https://www.youtube.com/watch?v=no11eIx0x6w|title=Apple Mac Hacked in Two Minutes at CanSecWest|date=2008-03-28|author=Nick Barber, Robert McMillan}}
+* {{cite web|url=https://www.youtube.com/watch?v=no11eIx0x6w|title=Apple Mac Hacked in Two Minutes at CanSecWest|date=2008-03-28|author=Nick Barber, Robert McMillan|website=[[YouTube]] }}
+* {{cite web|url=http://www.popularmechanics.com/technology/industry/4286458.html?page=4|title=The Internet's Top 10 Most Controversial Figures of 2008|author=Brian Krebs|date=2008-10-08|publisher=[[Popular Mechanics]]|access-date=2008-10-16|archive-url=https://web.archive.org/web/20081011044901/http://www.popularmechanics.com/technology/industry/4286458.html?page=4|archive-date=2008-10-11|url-status=dead}}
-* {{cite web|url=http://cansecwest.com|title=CanSecWest Conference Homepage}}
-* {{cite web|url=http://www.popularmechanics.com/technology/industry/4286458.html?page=4|title=The Internet's Top 10 Most Controversial Figures of 2008|author=Brian Krebs|date=2008-10-08|publisher=[[Popular Mechanics]]|access-date=2008-10-16|archive-url=https://web.archive.org/web/20081011044901/http://www.popularmechanics.com/technology/industry/4286458.html?page=4#|archive-date=2008-10-11|dead-url=yes|df=}}
 * {{cite web|url=http://news.cnet.com/8301-27080_3-10318972-245.html|title=Researchers who hack the Mac OS|author=Elinor Mills|date=2009-08-27|publisher=[[CNET]]}}
 * {{cite web|url=http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html|title=Behind Pwn2Own: Exclusive Interview With Charlie Miller|author=Alan Dang|date=2009-03-25|publisher=[[Tom's Hardware]]}}
+* {{cite web|url=https://www.hackerscrackersandthieves.com/charlie-miller-cybersecurity-expert/|title=Charlie Miller|date=2019-12-11|publisher=[[Hackers, Crackers And Thieves]]}}
+{{Authority control}}
 {{DEFAULTSORT:Miller, Charlie}}
 [[Category:Living people]]
 [[Category:University of Notre Dame alumni]]
-[[Category:People associated with computer security]]
+[[Category:Computer security specialists]]
+[[Category:Year of birth missing (living people)]]

Authority control databases
International	VIAF
National	Czech Republic