
Twitter hires security expert Charlie Miller

The hire, which follows Moxie Marlinspike's move to Twitter last year, is evidence of how seriously Twitter is taking security these days.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Twitter is creating a security dream team. Charlie Miller, famous for his hacks on the iPhone and MacBook Air, finding holes in iOS and devising ways to hijack Android phones with NFC, will be starting his new job at the microblogging company next week.

Miller will be working with encryption expert Moxie Marlinspike, who was hired by Twitter last year.

"Monday I start on the security team at Twitter. Looking forward to working with a great team there!" Miller tweeted this morning.

Miller told CNET today that he can't talk about his new job until he gets settled in it.

After getting a Ph.D. in mathematics at the University of Notre Dame, Miller worked for five years as a "global network exploitation analyst" for the National Security Agency. He then worked for a financial-services firm and at Independent Security Evaluators and Accuvant.

But it's his hacking and penetration testing skills that have earned him a reputation. Miller has highlighted numerous security flaws within Apple software over the years. One of his most high-profile discoveries was a vulnerability in the mobile version of Safari in 2007, shortly after the first iPhone was released. Additionally, he's been a fixture at the Pwn2Own security contest, in which people vie to gain control of Apple's Mac OS X computers through the built-in Safari Web browser.

More recently, Miller detailed how the low-level system software that ships on all of Apple's recent-model batteries could be hacked, theoretically letting would-be attackers disable the batteries given access to an administrator account. Miller got himself booted from Apple's developer program last year after he released findings of a security hole in iOS that let applications grab unsigned code from third-party servers; that code could be added to an app even after it had been approved and was live on Apple's App Store.

In July, Miller demonstrated a way to hijack an Android smartphone via the Near Field Communication (NFC) technology that's turned on by default on the device.