Cyber Security Expert Returns to Truman

Alumnus Charlie Miller has taken control of an iPhone with only a text message, infected a MacBook through its power adapter, outlined a detailed cyber attack on the U.S. and most recently has found a way to disable a car’s brakes by hacking the vehicle’s mainframe.

In the uncharted world of cyberspace there are bad guys and good guys, and luckily, Miller (’95) is one of the good guys. He is actually one of the world’s most sought-after cyber security experts and has worked for organizations such as the National Security Agency and social media giant Twitter. Miller is an ethical hacker that seeks software vulnerabilities so they can be repaired and patched before they are exploited.

As part of the Holman Family Distinguished Speaker Series, Miller will present “The War on Hackers and How it Hurts Computer Security” at 8 p.m. April 11 in Baldwin Hall Auditorium.

Charlie Miller

Miller was not always a world-class hacker. His interest in technology began with hours spent in the glow of his family’s Commodore 64 and Atari 400. After graduating from Lindbergh High School in St. Louis, he came to Truman on a Bright Flight scholarship.

“I wanted to go away to college,” Miller said. “I asked my high school friend ‘what is the best school in Missouri that isn’t in St. Louis?’ He said, ‘Truman,’ so that’s where I went.”

After graduating magna cum laude with a degree in mathematics and a minor in philosophy, Miller earned a doctorate from Notre Dame. He was then hired by the National Security Agency as a cryptographer/code breaker, where he quickly learned he had an affinity for computer security. Soon his job description included identifying weaknesses in foreign computer networks and executing numerous successful exploitations against foreign targets.

For security reasons, Miller is not allowed to discuss any specific projects or missions he worked on for the NSA, but it was probably not what most people would expect.

“It takes a lot more planning than you see on TV,” he said. “You don’t sit down and ‘hack someone’ in five minutes. Depending on who or what you are attacking, it may be a multi-month project.”

In 2005, Miller returned to his hometown of St. Louis to work as a private security consultant. Although he is one of the good guys, some companies do not always see it that way. Miller demonstrated a vulnerability at Apple by sneaking an app past the company’s screening process. While he could have used the rouge app to compromise other people’s devices, he instead alerted the company to its security failure.

“They were angry that I had the app in the App Store and kicked me out of their developer program,” Miller said. “From my perspective, nobody was hurt and I told them about a very critical vulnerability that they were able to patch to make their customers safer, and I got nothing but grief from them.”

Despite what some companies might think, Miller feels the work of ethical hackers serves the best interest of society.

“Without us, the security of products would only be the responsibilities of corporations and governments,” he said. “Corporations have an economical incentive to make products as quickly as possible, so they aren’t going to focus on security, and I won’t even talk about governments.”

His work in consulting is what led Miller to create the presentation “Kim Jong-Il and Me: How to Build a Cyber Army to Attack the U.S.” This tongue-in-cheek presentation, complete with photoshopped images of Miller and Jong-Il, was the result of a thought experiment in which he pretended to be hired by the North Korean government to orchestrate a cyber attack against U.S. critical infrastructure. In a detailed plan, Miller maps out the timeline and manpower needed to complete the task, along with an estimated cost of the entire campaign. Fortunately, Miller does not believe a cyber attack from North Korea, or any country, is coming any time soon.

Miller’s “Kim Jong-Il and Me” was just one of the presentations he has given on cyber security around the world. He has appeared at events ranging from the Black Hat conference in Las Vegas, to a conference sponsored by NATO’s Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia.  

While he was contracting, a large part of Miller’s job was finding any device that interested him and then trying to penetrate it. It was during this time that he made some of his most notorious hacks, including breaking into an iPhone through a text message, an especially dangerous hole because all he needed was a phone number to compromise a device. Miller also began to receive worldwide attention by becoming the first hacker to win four consecutive Pwn2Owns, a prestigious global hacking competition, where he once performed a record-breaking hack of a MacBook Air in just two minutes.

The author of three information security books, Miller has been featured in the New York Times, the Washington Post, Forbes and Wired, and has appeared on CNBC, NPR and the "Today Show."

Today, Miller puts his talents to work for Twitter. As a part of its application security team, he makes sure hackers are unable to break into accounts to steal private messages or post phony tweets.

“If you find Taylor Swift’s direct messages posted on TMZ, I am probably having a bad day,” Miller said.

For young people interested in pursuing hacking, Miller’s advice is to jump in and get hands-on experience. Because there are not many academic programs to learn the trade, would-be hackers must be self-motivated and avid learners, skills he says he picked up at Truman.

“Truman was a great place to become a learner,” said Miller, “It really helped me become a hard worker and do well.”

Miller resides in St. Louis with his wife Andrea (’95), who is also a Truman graduate.

Tickets for Miller’s presentation are free and will be available at the door.

The Holman Family Distinguished Speaker Series is named in honor of Squire Paul and Meeda (Daniel) Holman by their children to honor their parents’ long association with Truman. It is funded through an endowment with the Truman State University Foundation.