Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security team next week.
When he arrives, Miller will join a team that also includes Moxie Marlinspike, the security and privacy researcher who developed the SSLstrip attack as well as the RedPhone and WhisperCore security systems for Android phones. Twitter later acquired his company, Whisper Systems, and Marlinspike has been working on the company’s internal team since.
Miller has worked on a wide variety of research topics, with his most recent one being a project funded by DARPA that looked at the security properties of NFC chips in various mobile phones. In the course of that research, Miller developed techniques that enabled him to force users’ phones to connect to a given Web site or take complete control of the vulnerable phone.
Last year, Miller found a method for exploiting a problem with the battery in Apple laptops that enabled him to brick the laptop, rendering it completely useless. He also discovered a bug in Apple iOS that enabled him to bypass the code-signing requirements and run unapproved code on an iPhone. That trick, which also involved inserting a proof-of-concept app into the iTunes App Store, didn’t sit so well with Apple, which quickly revoked his developer account for the App Store.
On Friday, Miller announced on Twitter, appropriately enough, that he was leaving Accuvant Labs to join Twitter.
“Monday I start on the security team at Twitter. Looking forward to working with a great team there!” Miller said.
Twitter doesn’t say much publicly about its security efforts and Miller hasn’t said exactly what areas he’ll be working on. But given that the network often has been a target of attacks both small and large, there likely is no shortage of work to be done.