Charlie Miller

@0xcharlie

Followers
73,924
Following
72
Media
1,199
Statuses
19,503

I'm that 0day guy

St. Louis, MO
Joined August 2009
@0xcharlie
Charlie Miller
3 months
My hot take on the xz back door: it’s a success for the community. It took 2 years to sneak it in and it was caught in 1 month before it was in any major distro. It is really hard to backdoor a distro which is pretty cool.
88
382
4K
@0xcharlie
Charlie Miller
4 years
Today I'm glad I'm no longer the tech lead for Twitter's Application Security team anymore. Trying to deal with an incident with 300 million people watching is not fun.
17
199
2K
@0xcharlie
Charlie Miller
3 years
This seems like an impossible task to me. The director of the NSA makes 197k a year (with no equity). Glassdoor says the AVERAGE appsec engineer at facebook makes 195k. How can you recruit elite talent in that market?
@TheRecord_Media
The Record From Recorded Future News
3 years
An inside look at how the US Cybersecurity and Infrastructure Security Agency is planning to recruit elite cybersecurity talent
0
44
120
72
166
1K
@0xcharlie
Charlie Miller
6 months
As a former NSA guy, watching the community reverse engineer this exploit makes me think of all the people who developed it sitting and crying somewhere as its secrets are spilled.
@sweis
Steve Weis
6 months
Hector Martin (marcan) has some good ideas that the iMessage exploit used dbgwrap and cache debugging registers. He also talks about how the "sbox" design is very clearly an ECC or CRC and not intended to obfuscate anything.
4
52
287
27
127
1K
@0xcharlie
Charlie Miller
3 years
This is lame. In Pwn2Own, if you hack a fully patched system, you win. I don't care if the vendor knew about the vuln. If they knew about it, they should have patched it. This is a win, plain and simple.
@thezdi
Zero Day Initiative
3 years
It's a partial win. Despite the great demonstration (with ASCII art), the bug used by @alisaesage had been reported prior to the contest. It's still great work, & we're thrilled she broke ground as the 1st woman to participate as an independent researcher in #Pwn2Own history.
89
22
166
14
175
983
@0xcharlie
Charlie Miller
6 years
I disagree with all “advice” in this article. Making yourself miserable every day to protect against an incredibly unlikely attack doesn’t make sense.
100
261
946
@0xcharlie
Charlie Miller
3 years
I bought a new Jeep today and the sales guy was asking if I knew anything about Uconnect and I said “yes, yes I do…”
35
51
858
@0xcharlie
Charlie Miller
3 years
@GovParsonMO Hi governor, I’m a Missouri resident and a computer security expert. You’re totally wrong here, there was no unauthorized access and reporting security issues is encouraged in our field (so they can get fixed!). The alternative is flaws never getting fixed. cc: @stltoday
4
51
783
@0xcharlie
Charlie Miller
3 years
When you watch this do you wonder about hackers taking control of the car? Myself and other team members have been working for almost four years to make that really hard to do. So far so good 😊
@olivercameron
Oliver Cameron
3 years
Watch the most advanced robot in the world driving—without hesitation or confusion—through a bunch of anxiety-inducing scenarios. @Cruise’s technology is rapidly rocketing beyond human driving capability. So exciting.
36
178
963
8
84
513
@0xcharlie
Charlie Miller
7 years
I don't know why everyone is mad at Kaspersky, how about NSA employees don't bring classified docs home and put them on your computer?
26
103
476
@0xcharlie
Charlie Miller
2 years
This is the first infosec book I’ve read in a while. It’s a fun read.
Tweet media one
10
40
427
@0xcharlie
Charlie Miller
7 years
After 1.5 years, today I'm moving on from @Uber. I've enjoyed the challenge of making their autonomous cars as secure as possible.
39
68
393
@0xcharlie
Charlie Miller
7 years
In the field of computer security, you can be bad at defense and not know it. You can't be bad at offense without knowing about it.
16
141
352
@0xcharlie
Charlie Miller
6 years
So @keen_lab just dropped a really awesome paper about hacking BMW cars. Get it here: . What follows is my analysis (1/21):
3
201
333
@0xcharlie
Charlie Miller
8 years
One of the biggest problems in infosec is it's impossible to know who the experts are and who the frauds are. Has impact on policy, hiring.
45
165
308
@0xcharlie
Charlie Miller
3 years
Hello darkness my old friend…
Tweet media one
10
7
307
@0xcharlie
Charlie Miller
7 years
As former appsec tech lead for twitter, I'll just say I'm not shocked this was in code from the ads team.
@jms_dot_py
Justin Seitz
7 years
Twitter Bug Allowed Hackers To Tweet From Any Account
1
61
51
12
156
279
@0xcharlie
Charlie Miller
3 years
a young(er) iphone hacker circa 2007
Tweet media one
11
3
275
@0xcharlie
Charlie Miller
3 months
So folks who are wringing their hands over the xz backdoor… What are we going to do differently to stop this in the future? My guess is we will preach and pontificate but not actually do anything useful…just like we always do!
31
26
275
@0xcharlie
Charlie Miller
5 years
you know what else costs $28k and can be used to learn about car hacking? a car!
14
60
262
@0xcharlie
Charlie Miller
5 years
I’ve said it before, and I’ll say it again: don’t plug internet connected devices into your car
16
142
258
@0xcharlie
Charlie Miller
1 year
I see a lot of security folks complaining about twitter sms 2fa going away which is weird because I thought they all left for Mastodon.
16
27
267
@0xcharlie
Charlie Miller
4 years
It reminds me of the time Nick D kept tweeting a unicode character that was crashing Twitter for iOS and I had to explain to upper management he wasn't being mean, he was just being dumb. (They wanted to ban him from Twitter)
12
29
247
@0xcharlie
Charlie Miller
7 years
I can't even understand what this is trying to say, but i think my iphone-android is infected???
Tweet media one
30
104
233
@0xcharlie
Charlie Miller
6 years
I figured out why i didn’t get picked this year for american ninja warrior...the new title sponsor is Jeep :(
9
21
223
@0xcharlie
Charlie Miller
8 years
Bye bye hack jeep. It's been fun and sorry for what we did to you.
Tweet media one
9
49
218
@0xcharlie
Charlie Miller
8 years
11
99
197
@0xcharlie
Charlie Miller
9 years
Our paper is released: http://t.co/fJQWfwtZK0 Read it and start doing some car hacking!
7
214
201
@0xcharlie
Charlie Miller
6 years
In their response, BMW say the attack is sophisticated and so "BMW Group considers the security level for our customers and produces ensured". Basically their cars are safe as long as nobody smart tries to hack them.
11
118
205
@0xcharlie
Charlie Miller
5 years
Super interesting paper (as usual) by @keen_lab. It talks about how Tesla autopilot works and what happens if an attacker can get code execution on it.
3
88
204
@0xcharlie
Charlie Miller
7 years
Excited to announce I'm joining Didi Research America to lead the safety and security of their autonomous transportation systems.
30
38
201
@0xcharlie
Charlie Miller
8 years
Here is a public service announcement: Anybody who couldn't hack your iPhone yesterday will still not be able to do so today.
8
135
199
@0xcharlie
Charlie Miller
5 years
It's easy to criticize security decisions if you don't understand the tradeoffs involved. Let me explain why Twitter made various security decisions, right or wrong. Remember I was Twitter appsec tech lead a while back so I have some insight.
@Support
Support
5 years
We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this).
55
174
604
7
77
194
@0xcharlie
Charlie Miller
3 years
The weirdest part of moving from being a car hacker to working for an autonomous car company is seeing how much better the automotive techs are at disassembling cars than I was. They don't let me near them with tools, which is smart.
3
7
193
@0xcharlie
Charlie Miller
6 years
Actually it was OCTOBER 23, not September. I know because I hacked it a day later.
@JonErlichman
Jon Erlichman
6 years
On this day in 2008: first Android phone released
Tweet media one
40
1K
4K
5
43
191
@0xcharlie
Charlie Miller
6 years
Cool new research out on car hacking: . Hang on or mute as I'll give my thoughts on it.
2
111
193
@0xcharlie
Charlie Miller
8 months
Interesting data from this week's Pwn2Own. 1) No attempts against Google Pixel or iPhone even though they are worth 4-5x other targets. 2) 15 straight years of hacking Apple products at Pwn2Own ended last year and continues this year. Apple is secure now? 1/n
@thezdi
Zero Day Initiative
8 months
The schedule for #Pwn2Own Toronto is now live! We've got an exciting four days of exploits ahead of us. Check it out at
0
12
65
15
31
192
@0xcharlie
Charlie Miller
1 year
Over my decades in computer security, I've really matured. For example, right now I'm redoing my kitchen and didn't even sell a 0-day to the US government to fund it.
11
16
189
@0xcharlie
Charlie Miller
6 years
this is not how viruses work
@jelleprins
Jelle Prins
6 years
Airplanes have to run a virus scanner every week to get rid of all the malware, because people casually charge their phones in the cockpit??!! 🤯
Tweet media one
50
660
1K
7
53
187
@0xcharlie
Charlie Miller
3 years
life was more fun when we were hacking cars!
9
17
184
@0xcharlie
Charlie Miller
3 years
This is really cool. Physical protections are always better than software protections
@ryanaraine
Ryan Naraine
3 years
iPad hardware microphone disconnects via sensor when the case is closed
Tweet media one
27
332
2K
1
49
187
@0xcharlie
Charlie Miller
3 years
Computer hacking advice from superstar @ThatBigRon, compliments of @nudehaberdasher.
6
43
180
@0xcharlie
Charlie Miller
9 years
Guess I'll buy a Mercedes “There is no way you could hack a Mercedes-Benz from outside the car,” a senior Daimler engineering executive said
61
150
176
@0xcharlie
Charlie Miller
5 years
Controversial opinion alert: Car hack villages are super fun but don't advance research or make cars more secure. Similar to how lock pick villages haven't produced a bunch of lock engineers.
34
23
178
@0xcharlie
Charlie Miller
11 years
Lost chapters from iOS hackers handbook. One on ARM architecture, one on payloads and ROP.
9
122
175
@0xcharlie
Charlie Miller
6 years
“People who store their fobs in Faraday cages aren’t paranoid, experts say”. True, I guess, those people are paranoid AF.
3
11
163
@0xcharlie
Charlie Miller
9 years
I am volunteering to step up and accept government funding for the new crypto Manhattan project. I promise to work until the money runs out
13
96
173
@0xcharlie
Charlie Miller
9 years
How not to get my help... http://t.co/tco6tucKZq
Tweet media one
29
70
169
@0xcharlie
Charlie Miller
6 years
PS I do not practice safe fob storage.
14
15
165
@0xcharlie
Charlie Miller
7 years
Would feel so sad if I worked for a high powered govt hacking agency and all I did was phishing attacks. I'd dream of doing sqli attacks.
5
43
167
@0xcharlie
Charlie Miller
7 years
Had I consulted for Fast and the Furious 8, the car hacking scene would have been way more boring.
10
34
161
@0xcharlie
Charlie Miller
1 year
Interesting read on how you can use CAN injection to steal a car. This type of attack has been known for many years but nice writeup of how it works in this case.
6
41
163
@0xcharlie
Charlie Miller
4 years
You may recall me and @nudehaberdasher hacked a 2014 Jeep Cherokee. We chose that car because it had no gateway module between the telematics module and the modules with physical controls. I just looked at the 2020 model, there is still no gateway module.
13
36
160
@0xcharlie
Charlie Miller
4 years
Having worked at the nsa... ✅ NSA would love to backdoor stuff ✅ Backdoors make products less secure ✅ NSA bureaucracy loses stuff
@dnvolz
Dustin Volz
4 years
This is wild: Juniper had a back door in its gear—placed at the request of the NSA—compromised by a hostile foreign government. NSA informed @RonWyden they wrote a "lessons learned" report after the episode, but now says it cannot locate that document.
Tweet media one
34
736
1K
3
60
156
@0xcharlie
Charlie Miller
7 years
Here is an old video of some jeep hacking I just rediscovered that I don't think I ever released.
10
109
159
@0xcharlie
Charlie Miller
7 years
Second edition of my book on fuzzing (with @JaredDeMott, @attekett, and @aritakanen) pre-sale available now 30% off, see flyer for details.
Tweet media one
10
50
160
@0xcharlie
Charlie Miller
7 years
I wonder what these ports go to on this airplane?
Tweet media one
40
41
155
@0xcharlie
Charlie Miller
3 years
There haven’t been many infosec cons the last couple of years due to covid. There used to be one every weekend. What the heck were people talking about in all those talks and was it even helping solve the problem of securing stuff?
28
17
157
@0xcharlie
Charlie Miller
3 months
@chrisrohlf that’s the thing, it’s not really lots of eyes but it just takes one pair and there’s lots of lonely guys in their basement (like me)
3
0
155
@0xcharlie
Charlie Miller
7 years
I miss computers with ethernet jacks and CDROM drives.
20
20
156
@0xcharlie
Charlie Miller
5 years
my hot take on the whatsapp exploit: code we use has vulnerabilities. this exploit does not necessarily say anything about whatsapp security team efforts, ios vs android, closed vs open source, imessage vs whatsapp, etc.
2
23
156
@0xcharlie
Charlie Miller
6 years
I love that this job req calls me out by name but i don’t meet their requirements...
@softwarnet
Charles R. Smith🔹
6 years
@0xcharlie Automotive Security Researcher Do you know who Kevin Mahaffey and Marc Rogers are? How about Charlie Miller and Chris Valasek? Do you want to be in their line of work, but for national security purposes?
1
0
1
10
26
149
@0xcharlie
Charlie Miller
6 years
This line cracks me up: “Cybersecurity experts say privately that anyone who knows anything about the ease of auto and personal data hacking practices safe fob storage.” Because it’s real hard to get cyber experts to talk :)
7
18
148
@0xcharlie
Charlie Miller
7 years
I tried telling you guys by the choice of my twitter handle but nobody got the message!
@tomituominen
Tomi Tuominen (@[email protected])
7 years
User accounts starting with a digit (such as 0d) get root privileges under systemd
6
102
120
5
44
148
@0xcharlie
Charlie Miller
6 years
just came across this gem
Tweet media one
14
16
147
@0xcharlie
Charlie Miller
4 years
Privacy concerned users switching to worse privacy protecting apps because Signal does something privacy preserving better than other apps but not perfectly. Welcome to infosec!
@moxie
Moxie Marlinspike
4 years
I've had a bunch of discussions with people here about Signal PINs over the past day. I don't usually spend this much time on Twitter, so parallel to the direct discussion, these are a few of the adjacent thoughts that have come up for me: 1/14
38
301
896
6
32
147
@0xcharlie
Charlie Miller
7 years
This navy commercial says this cyber attack cannot be stopped. nmap is 0-day?
Tweet media one
20
26
143
@0xcharlie
Charlie Miller
9 years
After 3 years I'm stepping down from protecting the tweets, effective Friday. Good times, great coworkers, time to move on. Be free, tweets!
43
57
142
@0xcharlie
Charlie Miller
7 months
When I was appsec tech lead at twitter, this would have been a major headache to fix. Now i just get to enjoy it! Cool work.
@shoucccc
Chaofan Shou
7 months
😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability. Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
35
444
2K
4
14
145
@0xcharlie
Charlie Miller
5 years
Why on earth would you invest in secure boot or removing debug interfaces for a lightbulb? Let’s threat model folks.
17
46
141
@0xcharlie
Charlie Miller
7 years
I'm going to be a contestant on next month. I'm gonna represent parent basement dwelling, 400 pound hax0rs.
18
27
144
@0xcharlie
Charlie Miller
9 years
My whole career has been a build up to hack Apple's car.
15
84
139
@0xcharlie
Charlie Miller
5 years
i’m not a fan of invite only bounty programs
11
15
140
@0xcharlie
Charlie Miller
3 years
This is really about apple making money, but he is correct.
@MacRumors
MacRumors.com
3 years
Sideloading Apps Would ‘Break’ the Security and Privacy of iPhone, Says Tim Cook by @SamiFathi_
Tweet media one
53
91
980
10
15
142
@0xcharlie
Charlie Miller
4 years
I read these papers almost 20 years ago when I was getting started. If you haven’t read them, you should!
@todayininfosec
Today In Infosec
4 years
1995: Mudge published "How to Write Buffer Overflows", one of the first papers about buffer overflow exploitation. Then @dotMudge sent a copy to @aleph_one, who wrote "Smashing the Stack For Fun and Profit" in 1996. Seminal paper to seminal paper. Mudge's:
Tweet media one
4
301
839
4
25
140
@0xcharlie
Charlie Miller
9 years
Verified that Sprint has not only blocked phone to car traffic but car to car traffic as well. Nice!
10
133
138
@0xcharlie
Charlie Miller
7 years
Doing my taxes today. In 2016, Chrysler paid me $0. I paid Chrysler $210 for access to wiring diagrams. Car hacking doesn't pay.
10
41
134
@0xcharlie
Charlie Miller
7 years
Almost time
Tweet media one
13
6
138
@0xcharlie
Charlie Miller
6 years
Here is the link to our paper. I hope you like it!
4
65
139
@0xcharlie
Charlie Miller
8 years
If Chrysler was smart, they'd buy me a car from another manufacturer. Whenever I get an idea to try, there is only my jeep to try it on.
6
35
136
@0xcharlie
Charlie Miller
12 years
I'm reading the Apple iOS security doc: http://t.co/UA85iiKe and it's amazing because Apple never talks about security in detail like this.
12
139
135
@0xcharlie
Charlie Miller
5 years
I planned a short romantic getaway with my wife @genderteach at Half Moon Bay while I was at #CISOFORUM. She had to cancel at the last second but I soldiered on as best I could without her.
3
14
135
@0xcharlie
Charlie Miller
6 years
i found my old business cards from when i worked at twitter #opsec
Tweet media one
0
6
134
@0xcharlie
Charlie Miller
3 years
When did pwn2own rules change to “the vendor can’t know about it”? When I was participating, there were some crazy rules, but when I got a shell, I knew I won. It didn’t matter what the vendor knew. In fact, I think they knew about one of my bugs and I still got paid...
6
14
136
@0xcharlie
Charlie Miller
6 years
For those of you who wonder what real hacking looks like, here it is:
Tweet media one
21
17
131
@0xcharlie
Charlie Miller
3 years
I’m trying to figure out why I wasn’t targeted by north korea. 1) they know i’m clever and would catch them. 2) i did that defcon talk where I pretended to help them. 3) I’m not a useful target. Wait, it’s not 3, right? RIGHT???
17
8
131
@0xcharlie
Charlie Miller
3 years
If the existence of 0-days changes your threat model, you’re doing threat modeling wrong.
@daveaitel
Dave Aitel
5 years
If you assume someone had the Microsoft exchange bug as 0day what does that do to your threat model? Do you or don't you consider active directory an unnecessary legacy technical debt that is a clear danger ?
6
10
31
4
33
131
@0xcharlie
Charlie Miller
4 years
This is a decision made by reading scary headlines and not understanding threat models or risk or software security basics. If enough people switch to MS teams, we’ll see similar issues reported with that software.
10
52
131
@0xcharlie
Charlie Miller
3 years
I say this about once a year but my biggest accomplishment of being @Twitter appsec tech lead was migrating them off imagemagick.
@ducnt_
Nguyen The Duc
3 years
So, here is another gift for you about Imagemagick RCE 0-day that affected GhostScript-9.50 😀 #RCE #imagemagick #ghostscript
Tweet media one
14
328
826
1
13
131
@0xcharlie
Charlie Miller
7 years
Locked out of my banking site because I bought a new computer and can't remember what I thought my favorite TV show was as a kid...
37
19
131
@0xcharlie
Charlie Miller
7 years
Let's threat model before designing security systems, people!
11
66
131
@0xcharlie
Charlie Miller
3 years
Even though everyone, and especially @ryanaraine, hates when I say it, @BlackHatUSA should only contain highly technical talks. Less-technical talks are what RSA is for. (Also, there shouldn't be a "business hall" or pay-to-speak slots). Yes I lose this argument every year.
15
6
126
@0xcharlie
Charlie Miller
3 years
Will miss you @dakami. You were a cool dude. Personally, I learned a lot about public speaking from you and aspired to give talks like you.
1
4
129
@0xcharlie
Charlie Miller
3 years
i’m going to help make sure the new iOS image scanner used for CSAM is okay, but I seem to be having trouble logging into my apple developer account…
6
14
129
@0xcharlie
Charlie Miller
5 years
watching @natashenka preach attack surface reduction. About 90% of my day job is trying to reduce attack surface...
Tweet media one
1
31
129
@0xcharlie
Charlie Miller
4 years
everything goes full circle. 10 years ago - “we can’t find all the bugs so we’ll use sandboxes”. now - “sandboxes get bypassed, so we’ll find all the bugs”.
7
40
129
@0xcharlie
Charlie Miller
5 years
This paper is interesting as it points out flaws in other fuzzing papers, which it finds are many. It won an NSA paper competition for "bringing scientific understanding to the security community" which I find super insulting.
4
21
128
@0xcharlie
Charlie Miller
7 years
As someone who has hunted bugs for 15 years, having source code is barely advantageous
10
52
129