Apple hacker Charlie Miller joins Twitter's security team

Miller’s CV is rather extensive. He tends to specialize in Apple fare: he became the first to fully compromise the iPhone via the web browser, in 2007. In 2008 he won a $10,000 cash prize at the Pwn2Own hacker conference in Vancouver, Canada, for compromising the ultrathin MacBook Air in two minutes. Next up was a $5,000 win for cracking Safari.

In 2009 he authored a technique for spreading denial-of-service attacks on iPhones virally through text messaging.

He’s also known for exposing security holes in apps stores: In 2011 he found a flaw in mobile iOS security and created a proof-of-concept application called Instastock for hijacking iPads and iPhones entirely. He managed to get it into the App Store, but when he told Apple about it he was promptly kicked off the developer island, his license revoked.

In the Android realm he’s demonstrated the ability to get around Google’s “Bouncer” malware expulsion program in Google Play/Android Market. And he’s been experimenting with using near-field communications (NFC) chips to wirelessly compromise Samsung and Nokia phones with a wave.

His most recent gig was with Accuvant, the security firm. He also spent five years with the US National Security Agency (NSA).

“Monday I start on the security team at Twitter. Looking forward to working with a great team there!” Miller tweeted, effectively announcing the hire. His exact role and title have not been revealed.

Miller will join the team headed up by the other high-profile star in the company, Moxie Marlinspike, co-founder of Whisper Systems, which was acquired by Twitter last year. He is a member of the Institute For Disruptive Studies and ran a cloud-based WPA cracking service, among other things.


Comments from the Slack Space...
Can we presume that Twitter does not require resumes to be 140 characters or less?


What’s Hot on Infosecurity Magazine?