Charles Alfred Miller is an American

computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...

researcher with Cruise Automation. Prior to his current employment, he spent five years working for the

National Security Agency The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...

and has worked for

Uber Uber Technologies, Inc. is an American multinational transportation company that provides Ridesharing company, ride-hailing services, courier services, food delivery, and freight transport. It is headquartered in San Francisco, California, a ...

Education

Miller holds a bachelor's degree in

mathematics Mathematics is a field of study that discovers and organizes methods, Mathematical theory, theories and theorems that are developed and Mathematical proof, proved for the needs of empirical sciences and mathematics itself. There are many ar ...

with a minor in

philosophy Philosophy ('love of wisdom' in Ancient Greek) is a systematic study of general and fundamental questions concerning topics like existence, reason, knowledge, Value (ethics and social sciences), value, mind, and language. It is a rational an ...

from the then called Northeast Missouri State, and a Ph.D. in mathematics from the

University of Notre Dame The University of Notre Dame du Lac (known simply as Notre Dame; ; ND) is a Private university, private Catholic research university in Notre Dame, Indiana, United States. Founded in 1842 by members of the Congregation of Holy Cross, a Cathol ...

in 2000. He lives in

Wildwood, Missouri Wildwood is a city in St. Louis County, Missouri, United States. It is located in the far western portion of the county. As of the 2020 census, the population was 35,417. Wildwood is the home of the Al Foster Trail, and numerous other trails, p ...

Security research

Miller was a lead analyst at Independent Security Evaluators, a computer protection consultancy. He has publicly demonstrated many security exploits of

Apple An apple is a round, edible fruit produced by an apple tree (''Malus'' spp.). Fruit trees of the orchard or domestic apple (''Malus domestica''), the most widely grown in the genus, are agriculture, cultivated worldwide. The tree originated ...

products. In 2008, he won a $10,000 cash prize at the hacker conference Pwn2Own in

Vancouver, British Columbia Vancouver is a major city in Western Canada, located in the Lower Mainland region of British Columbia. As the List of cities in British Columbia, most populous city in the province, the 2021 Canadian census recorded 662,248 people in the cit ...

, Canada for being the first to find a critical bug in the

MacBook Air The MacBook Air is a line of Mac (computer), Mac laptop computers developed and manufactured by Apple Inc., Apple since 2008. It features a thin, light structure in a machining, machined aluminum case and currently either a 13-inch or 15-inch ...

. In 2009, he won $5,000 for cracking Apple's

Safari A safari (; originally ) is an overland journey to observe wildlife, wild animals, especially in East Africa. The so-called big five game, "Big Five" game animals of Africa – lion, African leopard, leopard, rhinoceros, African elephant, elep ...

browser. Also in 2009, he and Collin Mulliner demonstrated an

SMS Short Message Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile phones exchange short text messages, t ...

processing vulnerability that allowed for complete compromise of the Apple

iPhone The iPhone is a line of smartphones developed and marketed by Apple that run iOS, the company's own mobile operating system. The first-generation iPhone was announced by then–Apple CEO and co-founder Steve Jobs on January 9, 2007, at ...

and

denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host co ...

s on other phones. In 2011, he found a security hole in the iPhone and iPad, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using

iOS Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...

applications functions for malicious purposes. As a proof of concept, Miller created an application called ''Instastock'' that was approved by Apple's

App Store An app store, also called an app marketplace or app catalog, is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not i ...

. He then informed Apple about the security hole, who promptly expelled him from the App Store. Miller participated in research on discovering security vulnerabilities in NFC (

Near Field Communication Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of or less. NFC offers a low-speed connection through a simple setup that can be used for the boots ...

First Apple iPhone exploit

Charlie Miller presented about the first iPhone exploit in 2007. He demonstrated a vulnerability in the mobile Safari browser that allowed an attacker to gain control of the iPhone.

First Google Android exploit

Miller, along with his colleagues Mark Daniel and Jake Honoroff at ISE, identified and exploited a security vulnerability in the Android operating system. They found that the vulnerability was due to Google using an older, vulnerable version of the Webkit library utilized by Android. The initial vulnerability was discovered and an exploit developed using the Android SDK and emulator. It is rumored that Miller acquired a Google G1 device via a T-Mobile employee eBay auction prior to release day.

First remote car hacking exploit

Miller, along with

Chris Valasek Chris Valasek is a computer security researcher with Cruise Automation, a self-driving car startup owned by GM, and most recently known for his work in automotive security research. Career Prior to his current employment, he worked for: * ...

, is known for remotely hacking a 2014

Jeep Cherokee The Jeep Cherokee is a line of sport utility vehicles (SUV) manufactured and marketed by Jeep over five generations. Marketed initially as a variant of the Jeep Wagoneer (SJ), the Cherokee has evolved from a full-size SUV to one of the first ...

and controlling the braking,

steering Steering is the control of the direction of motion or the components that enable its control. Steering is achieved through various arrangements, among them ailerons for airplanes, rudders for boats, cylic tilting of rotors for helicopters, ...

, and

acceleration In mechanics, acceleration is the Rate (mathematics), rate of change of the velocity of an object with respect to time. Acceleration is one of several components of kinematics, the study of motion. Accelerations are Euclidean vector, vector ...

of the vehicle.

Publications

* iOS Hacker Handbook * The Mac Hacker's Handbook * Fuzzing for Software Security Testing and Quality Assurance *Battery firmware hacking: inside the innards of a smart battery

References

External links

* * * * * * * {{DEFAULTSORT:Miller, Charlie Living people University of Notre Dame alumni Computer security specialists Year of birth missing (living people)