Wednesday, October 07, 2015 by Chris Draper
Who knew you could make a lawful living as a professional computer hacker? That is at least the case for Charlie Miller and Chris Valasek, two computer hackers who were recently hired by Uber for their morally ambiguous skills.
The dynamic duo made their claim to fame in a feature article for WIRED magazine. Miller and Valasek were able to take control of a Jeep from 10 miles away with nothing but a laptop and cell phone at their disposal. They demonstrated that they could remotely hack an automobile, take control of the vehicle and potentially kill the driver.(1)
There was nothing unique about the Jeep that the hackers took control over. In theory, the two could have taken control of any Chrysler with a Uconnect system. A tech-savvy terrorist could in principle transform a vehicle coasting along a major city highway into a massive, high-velocity weapon. The incident forced Chrysler to issue a recall on 1.4 million vehicles.(2)
Miller and Valasek aren’t your typical lowly freelance hackers. Valasek was employed as director of automobile security research for the security consultancy IOActive, whereas Miller was a former employee of the National Security Agency (NSA).(2)
As a former employee of the NSA, Miller took the title of “global network exploitation specialist.” In particular, Miller was responsible for instigating a technique used to “infiltrate target computers’ networks to extract and gather intelligence data. It enables the exploitation of the individual computers and computer networks of an external organization or country in order to collect any sensitive or confidential data, which is typically kept hidden and protected from the general public.”(3)
As an organization which seeks to know everything about everyone, it’s no wonder that the NSA valued Miller’s computer hacking skills. This being the case, one can’t help but wonder what Uber, an international transportation network company, hopes to gain from Miller’s background in computer network exploitation.
Miller and Valasek’s feature in WIRED was not the sole reason for the public’s heightened awareness of car hacking. Specifically, the public has been worried about car hackers since the death of journalist Michael Hastings.
After the young journalist was mysteriously killed in a car accident, many suspected that car hackers were to blame. In particular, Hastings wrote an email hours before his death in which he claimed his “close families and friends” were being interviewed by the FBI, and that he was going “off the radar” for a little bit.
On the morning of July 18, Hastings’ 2013 Mercedes C250 coupe crashed into a tree on Highland Ave. The car burst into flames upon impact, launching the Mercedes’s engine across a long and unusual path. The original report described anomalies of the crash that could be explained by an external hacker.(4)
No one is sure what Uber plans to do with the talents of Miller and Valasek. According to a spokeswoman for Uber, “Charlie and Chris are joining the team at Uber’s Advanced Technologies Center, and will also work closely with Chief Security Officer Joe Sullivan and Chief Information Security Officer John Flynn to continue building out a world-class safety and security program at Uber.” Both Miller and Valasek declined comment.(2)
Uber set up a research and development lab at Carnegie Mellon University in hopes of designing the first self-driving automobiles. Self-driving cars equipped with computers that control steering wheels would be particularly vulnerable to hacking. If Miller and Valasek’s task is to secure these self-driving cars from hackers, the road ahead will be a long drive.(2)