Charlie Miller (security researcher)

Early Life and Education

Charles Alfred Miller earned a bachelor's degree in mathematics with a minor in philosophy from what was then known as Northeast Missouri State University, followed by a Ph.D. in mathematics from the University of Notre Dame in 2000. He resides in Wildwood, Missouri.

Career

Following his doctoral work, Miller spent five years as an analyst with the National Security Agency. He subsequently joined Independent Security Evaluators (ISE), a computer protection consultancy, where by 2007 he held the role of lead analyst. He later worked for Uber before moving to his current position at Cruise Automation.

Security Research

Miller built a reputation for publicly demonstrating significant security vulnerabilities, particularly in Apple products. In 2007, he presented the first known iPhone exploit, revealing a vulnerability in the mobile Safari browser that could allow an attacker to gain full control of the device.

At the Pwn2Own hacker conference in Vancouver, British Columbia, Miller won a $10,000 cash prize in 2008 for being the first researcher to identify a critical bug in the MacBook Air. In 2009, he returned to Pwn2Own and won $5,000 for cracking Apple's Safari browser.

Also in 2009, Miller and researcher Collin Mulliner demonstrated an SMS processing vulnerability capable of enabling complete compromise of the Apple iPhone, as well as denial-of-service attacks against other handsets.

In 2011, Miller discovered a flaw in iOS that allowed an application to contact a remote server and download unapproved software capable of executing arbitrary commands, potentially enabling theft of personal data. As a proof of concept, he developed an application called Instastock, which passed Apple's App Store review process. After notifying Apple of the vulnerability, he was expelled from the App Store developer program.

Miller also participated in research into security vulnerabilities in NFC (Near Field Communication) technology.

Android and First Android Exploit

Working alongside colleagues Mark Daniel and Jake Honoroff at ISE, Miller identified and exploited a security vulnerability in the Android operating system. The team determined that the vulnerability stemmed from Google's use of an outdated, vulnerable version of the WebKit library within Android. The exploit was developed using the Android SDK and emulator.

Automotive Security

Miller, collaborating with researcher Chris Valasek, conducted landmark research into the security of connected vehicles. The two are widely recognized for remotely hacking a 2014 Jeep Cherokee, demonstrating the ability to control the vehicle's braking, steering, and acceleration from a remote location. This research drew significant attention to cybersecurity risks in modern automobiles.

Publications

Miller has contributed to several notable security publications, including The Mac Hacker's Handbook, the iOS Hacker's Handbook, Fuzzing for Software Security Testing and Quality Assurance, and a work on battery firmware hacking examining the internals of smart battery systems.