NEWS ANALYSIS: Two of the most (in)famous hackers in the world have a new job—thanks to their hack a Chrysler Jeep that led to the recall of 1.4 million vehicles.
In the world of security research, much of the work is long, boring and tedious, but somehow the best researchers make it all seem interesting and exciting. Charlie Miller and Chris Valasek are not your average security researchers—while they have the technical chops to do the tedious work, they also have an unmatched onstage persona and charisma that electrify those who see them speak.
Miller and Valasek made headlines around the world earlier this month with a remote stunt hack of a Chrysler Jeep that led to the recall of 1.4 million vehicles. The two men conducted the Jeep research together, even though they both worked at different companies. Miller had been working at Twitter at the time, while Valasek was employed by security firm IOactive. As of today, both researchers are now employed by Uber, tasked with looking at automotive security.
The fact that Miller and Valasek left their employers so they could work together shouldn't come as a surprise to anyone who has been watching. In a press conference at the Black Hat USA 2015 event where the duo presented their car hacking research, they were repeatedly asked about job offers from auto companies. The answer from the charismatic duo was that they hadn't been approached.
Perhaps the most amazing aspect of Miller and Valasek's research is the fact that the two men said that it was done as a hobby. Miller's day job at Twitter had nothing to do with car research, and Valasek admitted that he still had to do other things at IOactive as part of his day job. At IOactive, Valasek held the title of director of vehicle security research, so car research was at least under the larger banner of his overall responsibilities.
Valasek leaving IOactive doesn't mean that company will discontinue its vehicle research efforts. In fact, Jennifer Steffens, CEO of IOactive, tweeted to eWEEK that her company isn't giving up on vehicle research.
"Chris [Valasek] is an amazing researcher but we have a dozen folks who do the work for our clients," Steffens wrote. "We will have some further research coming out in about a month as well."
It has been a long road for both Valasek and Miller to become automotive hacking rock stars. When the pair first delved into the world of automotive hacking back in 2013, their first attempt was not considered worthy to be presented at the Black Hat USA event that year. In 2014, they upped their game with a landmark presentation at Black Hat USA 2014 that mapped the attack surface of the modern automobile.
The 2015 Black Hat USA presentation upped the game further, with a remote hack of a Jeep, in what has now become known as a stunt hack. Back in 2013, there were few researchers actively looking at connected automobile security; in 2015, there are multiple groups looking at the issue, thanks in large part to Miller's and Valasek's notoriety and attention to the issue.
When asked during this year's Black Hat USA press conference why they felt the stunt hack was necessary, Miller and Valasek said their goal was to get attention—which is what they got. They managed to do something that no other security researcher had ever done: trigger a recall of 1.4 million vehicles.
To be fair, Miller has been making headlines for years, In 2007, he became the first researcher to hack an iPhone. Miller has also won large awards at the HP-sponsored Pwn2own browser hacking competition in 2009, 2010 and 2011.
The combination of Miller and Valasek onstage though creates a synergistic entity that just exudes charisma. Having both researchers officially work for the same company on the same projects is an information security dream team for sure.
Miller and Valasek now bring instant credibility to Uber's research efforts. Perhaps more importantly, Uber will give them the time they need to work together to improve automobile security for us all.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
↧