Security researchers Charlie Miller and Chris Valasek, who gained widespread fame earlier this month for demonstrating that a Jeep Cherokee could be hacked remotely, have caught Uber's eye and will start working for the ride-hailing company next week.
Miller, who worked three years as an engineer of platform services at Twitter up until very recently, will start work at Uber's Advanced Technologies Center in Pittsburgh, Pennsylvania, while Valasek, who has been director of vehicle security research at IOActive, will leave his former company on Monday to join Miller at Uber.
Although both researchers are well-respected in their own fields, Miller and Valasek were thrust into the spotlight when they took to the Black Hat and Def Con hacking conferences in Las Vegas to show just what they did to stop a moving Jeep Cherokee in its tracks, all while doing so from a remote location.
By exploiting a vulnerability in the hardware chip of FCA's (formerly Fiat-Chrysler) UConnect infotainment system, Miller and Valasek were able to hack into the Jeep's other systems and wireless control hundreds of thousands of vehicles that were outfitted with UConnect. They were able to track the vehicles down to their exact location, turn the lights and blinkers on or off, tinker with the navigation and radio controls, and most alarmingly, tamper with the brakes and steering of some of those vehicles.
Before working at Twitter, Miller was a global network exploitation analyst for the National Security Agency (NSA) for five years. According to his LinkedIn profile, he "identified weaknesses and vulnerabilities in computer networks and executed successful computer network exploitations against foreign targets." He had also earned the respect of his peers for finding the first significant bug in the MacBook Air and going on to demonstrate security flaws in Mac OS and iOS. Miller also published a book titled "iOS Hackers' Handbook."
Valasek, on the other hand, was a senior security research scientist at Coverity and Accuvant before heading on to become director of vehicle security research at IOActive. He also spent four years as an X-Force researcher for IBM Internet Security Systems.
The duo had been focusing on vehicle security for years. In 2013, they demonstrated that they could take over a Ford and Toyota by plugging into the vehicles' diagnostic port, but their work were dismissed by car manufacturers, who pointed out that hackers had to have physical access to control the vehicles. This prompted the researchers to work on the Jeep Cherokee, and the results of their work had led FCA to announce a recall of 1.4 million vehicles to prevent a potentially devastating hack.
It is not clear what roles Miller and Valasek will be taking at Uber, but what is clear is that Uber has been plucking up dozens of the world's most esteemed security and connected car researchers in what is widely believed to be Uber's efforts to develop a fleet of self-driving cars to drive us all around to our destinations in the future.