Charlie Miller (’95) has taken control of an iPhone with only a text message, infected a MacBook through its power adapter, outlined a detailed cyber attack on the U.S. and most recently has found a way to disable a car’s brakes by hacking the vehicle’s mainframe.
In the uncharted world of cyberspace, there are bad guys and good guys, and luckily, Miller is one of the good guys. He is actually one of the world’s most sought-after cyber security experts and has worked for organizations such as the National Security Agency (NSA) and social media giant Twitter. Miller is an ethical hacker who seeks software vulnerabilities so they can be repaired and patched before they are exploited.
As part of the Holman Family Distinguished Speaker Series, Miller returned to campus in April to discuss “The War on Hackers and How it Hurts Computer Security.”
Miller was not always a world-class hacker. His interest in technology began with hours spent in the glow of his family’s Commodore 64 and Atari 400. After graduating from Lindbergh High School in St. Louis, he came to Truman on a Bright Flight Scholarship.
“I wanted to go away to college,” Miller said. “I asked my high school friend ‘what is the best school in Missouri that isn’t in St. Louis?’ He said, ‘Truman,’ so that’s where I went.”
After graduating magna cum laude with a degree in mathematics and a minor in philosophy, Miller earned a doctorate from Notre Dame. He was then hired by the NSA as a cryptographer/code breaker, where he quickly learned he had an affinity for computer security. Soon his job description included identifying weaknesses in foreign computer networks and executing numerous successful exploitations against foreign targets. For security reasons, Miller is not allowed to discuss any specific projects or missions he worked on for the NSA, but it was probably not what most people would expect.
“It takes a lot more planning than you see on TV,” he said. “You don’t sit down and ‘hack someone’ in five minutes. Depending on who or what you are attacking, it may be a multi-month project.”
In 2005, Miller returned to his hometown of St. Louis to work as a private security consultant. Although he is one of the good guys, some companies do not always see it that way. Miller demonstrated a vulnerability at Apple by sneaking an app past the company’s screening process. While he could have used the rogue app to compromise other people’s devices, he instead alerted the company to its security failure.
“They were angry that I had the app in the App Store and kicked me out of their developer program,” Miller said. “From my perspective, nobody was hurt, and I told them about a very critical vulnerability that they were able to patch to make their customers safer, and I got nothing but grief from them.”
Despite what some companies might think, Miller feels the work of ethical hackers serves the best interest of society.
“Without us, the security of products would only be the responsibilities of corporations and governments,” he said. “Corporations have an economical incentive to make products as quickly as possible, so they aren’t going to focus on security, and I won’t even talk about governments.”
While he was contracting, a large part of Miller’s job was finding any device that interested him and then trying to penetrate it. It was during this time that he made some of his most notorious hacks, including breaking into an iPhone through a text message, an especially dangerous hole because all he needed was a phone number to compromise a device. Miller also began to receive worldwide attention by becoming the first hacker to win four consecutive Pwn2Owns, a prestigious global hacking competition, where he once performed a record-breaking hack of a MacBook Air in just two minutes.
The author of three information security books, Miller has been featured in the New York Times, the Washington Post, Forbes and Wired, and has appeared on CNBC, NPR and the “Today” show.
Currently, Miller puts his talents to work for Twitter. As a part of its application security team, he makes sure hackers are unable to break into accounts to steal private messages or post phony tweets.
“If you find Taylor Swift’s direct messages posted on TMZ, I am probably having a bad day,” Miller said.
For young people interested in pursuing hacking, Miller’s advice is to jump in and get hands-on experience. Because there are not many academic programs to learn the trade, would-be hackers must be self-motivated and avid learners, skills he says he picked up at Truman.
“Truman was a great place to become a learner,” said Miller, “It really helped me become a hard worker and do well.”
Miller resides in St. Louis with his wife Andrea (’95), who is also a Truman graduate.
The Holman Family Distinguished Speaker Series is named in honor of Squire Paul and Meeda (Daniel) Holman by their children to honor their parents’ long association with Truman. It is funded through an endowment with the Truman State University Foundation.