George Hotz

From Wikipedia, the free encyclopedia
  (Redirected from Geohot)
Jump to navigation Jump to search

George Hotz
George Hotz at TechCrunch Disrupt.jpg
Hotz in 2016
Born
George Francis Hotz Jr.

(1989-10-02) October 2, 1989 (age 31)
Other namesgeohot, tomcr00se
Notable work
Jailbreak, comma.ai
Websitewww.geohot.com

George Francis Hotz (born October 2, 1989), alias geohot, is an American security hacker, entrepreneur, hip hop artist, and software engineer. He is known for developing iOS jailbreaks,[1][2] reverse engineering the PlayStation 3, and for the subsequent lawsuit brought against him by Sony. Since September 2015, he has been working on his vehicle automation machine learning company comma.ai.[3]

Education[edit]

He attended the Academy for Engineering and Design Technology at the Bergen County Academies, a magnet public high school in Hackensack, New Jersey.[4] Hotz is an alumnus of the Johns Hopkins Center for Talented Youth program.[5] Hotz also briefly attended Rochester Institute of Technology[6] and Carnegie Mellon University.

Security research[edit]

iOS[edit]

In August 2007, seventeen-year-old George Hotz became the first person reported to remove the SIM lock on an iPhone.[7][8][9][10] He traded his second unlocked 8 GB iPhone to Terry Daidone, the founder of CertiCell, for a Nissan 350Z and three 8 GB iPhones.[11]

In October 2009, Hotz released blackra1n. It was compatible with all iPhone and iPod Touch devices running iOS 3.1.2.[12][13]

On July 13, 2010, Hotz announced the discontinuation of his jailbreaking activities, citing demotivation over the technology and the unwanted personal attention.[14] Nevertheless, he continued to release new software-based jailbreak techniques until October 2010.[15]

PlayStation 3[edit]

In December 2009, Hotz announced his initial intentions to breach security on the PlayStation 3.[16] On January 22, 2010, he announced that he had performed his first achievement consisting of read and write access to the machine's system memory as well as hypervisor level access to the machine's CPU.[17][18]

On January 26, 2010, Hotz released the exploit to the public. On March 28, 2010, Sony responded by announcing their intention to release a PlayStation 3 firmware update that would remove the OtherOS feature from all models,[19] a feature that was already absent on the newer Slim revisions of the machine.[20]

On July 13, 2010, Hotz posted a message on his Twitter account stating that he had abandoned his efforts.[21]

Sony lawsuit[edit]

On December 29, 2010, hacking group fail0verflow did a presentation at the 27th Chaos Communications Congress where they exposed a mistake of Sony in their usage of ECDSA signatures without publishing the corresponding private key. This key was used by Sony to prevent piracy.[22][23] On January 2, 2011, Hotz posted a copy of the private key of the PlayStation 3 on his website.[24] These keys were later removed from his website as a result of legal action by Sony against fail0verflow and Hotz. In response to his continued publication of PS3 exploit information, Sony filed on January 11, 2011 for an application for a temporary restraining order (TRO) against him in the US District Court of Northern California.[25][26][27]

Hotz published his commentary on the case, including a song about the "disaster" of Sony.[28] Sony in turn has demanded social media sites, including YouTube, to hand over IP addresses of people who visited Geohot's social pages and videos; the latter being the case only for those who "watched the video and 'documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video".[29]

PayPal has granted Sony access to Geohot's PayPal account,[30] and the judge of the case granted Sony permission to view the IP addresses of everyone who visited geohot.com. In April 2011, it was revealed that Sony and Hotz had settled the lawsuit out of court, on the condition that Hotz would never again resume any hacking work on Sony products.[31]

Android[edit]

In June 2014, Hotz[32] published a root exploit software hack for Samsung Galaxy S5 devices used in the US market.[33] The exploit is built around the CVE-2014-3153 vulnerability,[34][35] which was discovered by hacker Pinkie Pie, and it involves an issue in the Futex subsystem that in turn allows for privilege escalation. The exploit, known as towelroot, was designated as a "one-click Android rooting tool".[35]

Although originally released for the Verizon Galaxy S5, the root exploit was made compatible with most Android devices available at that time. For example, it was tested and found to work with the AT&T Galaxy S5, Nexus 5, and Galaxy S4 Active. Updates continued to be applied to the root exploit to increase its capabilities with other devices running Android.[36] Updates to the Android operating system closed the source of the exploit. Samsung officially responded to the towelroot exploit by releasing updated software designed to be immune from the exploit.[37]

Career[edit]

Hotz made a meaningful side income from public donations solicited for his security exploits.[8]

Hotz worked at Facebook between May 2011 and January 2012.[38][39][8][40]

On July 16, 2014, Google hired Hotz to work with the Project Zero team [41] where he developed Qira for dynamically analysing application binaries.[42]

Hotz was employed at the startup Vicarious from January until July 2015.[43]

comma.ai[edit]

Hotz founded his AI startup, comma.ai, in September 2015.[44] In an interview with Bloomberg, Hotz revealed that the company was building vehicular automation technology based on machine learning algorithms. Hotz built a working self-driving 2016 Acura ILX, which he demonstrated on the I-280 in a video,[3] resulting in a cease and desist letter from the California Department of Motor Vehicles.[45]

Hotz wanted to sell his technology to Tesla Motors, meeting with CEO Elon Musk.[46][47] Hotz claims that Musk offered him $12 million (minus $1 million for every month it took Hotz to work on the task) to create a driving system that could replace the MobilEye solution that Tesla used at the time.[48] Tesla later released a statement on their website citing corrections to the Bloomberg article, stressing that their autopilot system was developed in-house, with a vision chip component from MobilEye, instead of one separate autopilot system manufactured by MobilEye, as suggested by Bloomberg reporter Ashlee Vance.[46] Musk offered advice on Hotz's self-driving car project in a December 2015 interview.[49]

On October 27, 2016, the NHTSA informed Hotz that the product was legally required to comply with Federal Motor Vehicle Safety Standards, and requested information that would confirm such compliance.[50] A day later, George Hotz tweeted from Shenzhen that the comma one was cancelled.[51][52] Kristen Lee stated on Jalopnik that the NHTSA was simply trying to open a dialog, and commented: "Instead, they got the worst attitude possible from Silicon Valley: try and regulate us, thought leaders, and we’ll take our ball and go home."[53]

comma.ai open sourced their self driving car software (called openpilot) on November 30, 2016, emphasizing its intended use for research without a warranty.[54][55]

On September 14, 2018, comma.ai announced Hotz would become the Head of Research Team for the project, and appointed Riccardo Biasini as the new CEO of the company.[56] He left in March 2019, but returned in May 2019 to become President once again.[57]

On January 7, 2020, comma.ai debuted its $999 comma two ADAS (driver-assist) device at the annual CES tech show in Las Vegas.[58][59][60]

Other activities and recognition[edit]

Hotz was a finalist at the 2004 ISEF competition in Portland, Oregon with his project "The Mapping Robot". Recognition included interviews on the Today Show and Larry King.[61] Hotz was a finalist at the 2005 ISEF competition, with his project "The Googler".[62]

Hotz competed in the 2007 Intel International Science and Engineering Fair, a science competition for high school students, where his 3D imaging project, entitled "I want a Holodeck", received awards and prizes in several categories including a $20,000 Intel scholarship.[63] He travelled to Sweden to speak about the project at the Stockholm International Youth Science Seminar.[64]

In March 2008, PC World listed Hotz as one of the top 10 Overachievers under 21.[65]

In August 2013, Hotz attended DEF CON with Carnegie Mellon's Plaid Parliament of Pwning (PPP). PPP placed first in the DEF CON Capture the Flag (CTF) tournament.[66] Later in 2013, Hotz also competed in CSAW 2013. Working alone, Hotz took first place under the pseudonym tomcr00se.[67] In August 2014, Hotz once again competed as part of Carnegie Mellon's Plaid Parliament of Pwning to win the DEF CON CTF tournament for a second year in a row. The team also won the DEF CON "Crack Me If You Can" tournament.[68]

Hip hop career[edit]

Hotz makes music under the name tomcr00se.[69]

CheapEth WhaleGate Controversy[edit]

Hotz became involved in a Ethereum project called CheapEth designed to reduce gas fees.[70] Hotz came under much criticism after it was revealed he had pre-mined 25 million coins to his personal wallet and banned anybody from a community discord which mentioned the premine.[71]

References[edit]

  1. ^ Stone, Brad; John Biggs (August 25, 2007). "With Software and Soldering, AT&T's Lock on iPhone Is Undone". The New York Times. p. C-1. Archived from the original on July 1, 2011. Retrieved September 2, 2007.
  2. ^ "Interview with 17-year-old iPhone hacker". CNBC. September 30, 2007. Archived from the original on May 12, 2014. Retrieved November 10, 2013.
  3. ^ a b "The First Person to Hack the iPhone Built a Self-Driving Car. In His Garage". Bloomberg L.P. Archived from the original on December 17, 2016. Retrieved December 16, 2015.
  4. ^ McKay, Martha (August 24, 2007). "Tech whiz cracks code tying it to AT&T network". Bergen County, New Jersey: The Record. Archived from the original on October 14, 2007. Retrieved October 20, 2011.
  5. ^ "GEORGE HOTZ". Archived from the original on March 30, 2014. Retrieved March 24, 2014.
  6. ^ "Archived copy". Archived from the original on July 14, 2016. Retrieved July 18, 2016.CS1 maint: archived copy as title (link)
  7. ^ Unlocked iPhone on YouTube
  8. ^ a b c "Machine Politics: The man who started the hacker wars." Archived April 30, 2012, at the Wayback Machine,"The New Yorker", May 7, 2012. Retrieved April 30, 2012
  9. ^ Kronfeld, Melissa Jane; Liddy, Tom (August 25, 2007). "IHACKED YOU! CODE-CRACKING N.J. KID 'FREES' APPLE CELL". New York Post. Post Wire Services. Archived from the original on December 11, 2013. Retrieved October 20, 2011.
  10. ^ Unlocked iPhone. August 21, 2007. Retrieved January 4, 2016 – via YouTube.
  11. ^ Sorrel, Charlie (August 29, 2007). "Geohot Trades Hacked iPhone for Crazy Expensive Sports Car". Wired. ISSN 1059-1028. Archived from the original on March 1, 2020. Retrieved August 12, 2020.
  12. ^ Martin, David. "Blackra1n jailbreaks iPhone OS 3.1.2". CNET. Archived from the original on August 7, 2020. Retrieved May 23, 2020.
  13. ^ "Geohot Releases blackra1n to Jailbreak Any iPhone and iPod Touch Running iPhone OS 3.1.2". iPhone Hacks | #1 iPhone, iPad, iOS Blog. October 11, 2009. Archived from the original on August 1, 2020. Retrieved May 23, 2020.
  14. ^ "GeoHot says Goodbye to iPhone Community". Tech-exclusive.com. July 13, 2010. Archived from the original on October 13, 2013. Retrieved April 15, 2011.
  15. ^ Hutchinson, Roland (October 10, 2010). "Limera1n iOS 4.1 Jailbreak Released By Geohot". Geeky-gadgets.com. Archived from the original on October 16, 2010. Retrieved February 26, 2018.
  16. ^ Hotz, George (December 26, 2009). "A Real Challenge". On the PlayStation 3. Archived from the original on January 1, 2010. Retrieved May 23, 2020.
  17. ^ Hotz, George (January 22, 2010). "Hello hypervisor, I'm geohot". On the PlayStation 3. Archived from the original on January 29, 2010. Retrieved May 23, 2020.
  18. ^ Fildes, Jonathan (January 25, 2010). "PlayStation 3 'hacked' by iPhone cracker". BBC News. Archived from the original on August 16, 2017. Retrieved January 25, 2010.
  19. ^ "PS3 Firmware (v3.21) Update – PlayStation Blog". Archived from the original on June 15, 2011. Retrieved March 29, 2010.
  20. ^ "Sony explains PS3 Slim's loss of Linux option". www.theregister.co.uk. Archived from the original on August 14, 2019. Retrieved May 23, 2020.
  21. ^ The PS3 just too difficult to crack – GamingBolt.com: Video Game News, Reviews, Previews and Blog Archived July 16, 2010, at the Wayback Machine. GamingBolt.com. Retrieved February 16, 2011.
  22. ^ "Console Hacking 2010: PS3 Epic Fail". Chaos Communication Congress. fail0verflow. December 29, 2010. Archived from the original on June 16, 2017. Retrieved October 29, 2017.
  23. ^ 27C3 – Chaos Communication Congress 2010 – fail0verflow on YouTube
  24. ^ "Geohot: Here is your PS3 Root Key! – Now with "HELLO WORLD" proof!". PSX-SCENE. Archived from the original on January 6, 2011. Retrieved March 24, 2011.
  25. ^ Motion for TRO Archived March 7, 2016, at the Wayback Machine. Scribd.com (January 12, 2011). Retrieved February 16, 2011.
  26. ^ Sony vs. GeoHot Hacker Lawsuit. G4. January 13, 2011. Retrieved August 3, 2014.
  27. ^ "GeoHot vs Sony – PS3 Jailbreak, Lawsuit and the Interview". Newsden. January 16, 2011. Archived from the original on July 24, 2012. Retrieved August 2, 2014.
  28. ^ The Light It Up Contest on YouTube
  29. ^ Kravets, David (March 4, 2011). "Judge Lets Sony Unmask Visitors to PS3-Jailbreaking Site". Wired. Condé Nast Digital. Archived from the original on December 5, 2011. Retrieved December 6, 2011. A federal magistrate is granting Sony the right to acquire the internet IP addresses of anybody who has visited PlayStation 3 hacker George Hotz's website from January 2009 to the present. Thursday's decision by Magistrate Joseph Spero to allow Sony to subpoena Hotz's web provider (.pdf) raises a host of web-privacy concerns. Respected for his iPhone hacks and now the PlayStation 3 jailbreak, Hotz is accused of breaching the Digital Millennium Copyright Act and other laws after he published an encryption key and software tools on his website that allow Playstation owners to gain complete control of their consoles from the firmware on up. Sony also won subpoenas (.pdf) for data from YouTube and Google, as part of its lawsuit against the 21-year-old New Jersey hacker, as well as Twitter account data linked to Hotz, who goes by the handle GeoHot.
  30. ^ "George Hotz PayPal Subpoena Limited to California, Court Docs Reveal". Archived from the original on August 27, 2011. Retrieved May 18, 2011.
  31. ^ Gilbert, Ben (April 11, 2011). "Sony and PlayStation 3 jailbreaker George Hotz settle out of court". Joystiq. AOL, Inc. Archived from the original on March 22, 2015. Retrieved December 6, 2011. After a short but rather storied history, infamous PlayStation 3 jailbreaker George "GeoHot" Hotz and Sony Computer Entertainment of America have settled their legal dispute, with a statement on the PlayStation Blog stating the two parties "reached an agreement in principle" around 10 days ago. According to said agreement, Hotz has "consented to a permanent injunction," meaning he super swears he won't do it again (legally speaking, of course), though no other terms are given. We were told by an SCEA rep that the terms of the settlement (beyond what was disclosed) are confidential.
  32. ^ "geohot". Archived from the original on March 4, 2016. Retrieved January 4, 2016.
  33. ^ Luke Villapaz (June 16, 2014). "Geohot Towelroot Exploit Roots Galaxy S5 Devices On AT&T And Verizon". International Business Times. Archived from the original on November 26, 2015. Retrieved January 4, 2016.
  34. ^ "[SECURITY] [DSA 2949-1] linux security update". Archived from the original on March 4, 2016. Retrieved January 4, 2016.
  35. ^ a b Towelroot: One-Click Android Rooting Tool Released By Geohot Archived January 29, 2015, at the Wayback Machine, The Hacker News, June 1, 2015.
  36. ^ "I'm throwing a party and you should come **G... – Verizon Samsung Galaxy S 5". XDA Developers. Archived from the original on December 31, 2016. Retrieved January 4, 2016.
  37. ^ Samsung's official response to "Towelroot" Archived March 16, 2015, at the Wayback Machine Announcements: July 7, 2014, Samsung KNOX News
  38. ^ Protalinski, Emil (June 27, 2011). "Geohot reportedly now works for Facebook (update: Facebook confirms)". News & Blogs / Friending Facebook. ZDNet. Archived from the original on November 10, 2011. Retrieved October 20, 2011.
  39. ^ Reisinger, Don (June 28, 2011). "Geohot now a Facebook employee". The Digital Home. c|net. Archived from the original on October 20, 2011. Retrieved October 20, 2011.
  40. ^ Famous iPhone Hacker George Hotz Has Left Facebook Archived January 28, 2012, at the Wayback Machine
  41. ^ Bright, Peter. "Google 'Project Zero' hopes to find zero-day vulnerabilities before the NSA". Ars Technica. Archived from the original on July 16, 2014. Retrieved July 16, 2014.
  42. ^ "qira". qira.me. Archived from the original on August 11, 2018. Retrieved August 17, 2018.
  43. ^ "The First Person to Hack the iPhone Built a Self-Driving Car. In His Garage". www.bloomberg.com. Archived from the original on December 17, 2016. Retrieved June 30, 2020.
  44. ^ George Hotz's LinkedIn Profile
  45. ^ "Archived copy". Archived from the original on April 6, 2016. Retrieved April 6, 2016.CS1 maint: archived copy as title (link)
  46. ^ a b "Correction to article: "The First Person to Hack the iPhone Built a Self-Driving Car"". Tesla, Inc. Archived from the original on December 2, 2017. Retrieved October 29, 2017.
  47. ^ "Tesla Motors & Mobileye Announce Breakup Ahead of Gigafactory Opening". International Business Times. Archived from the original on October 29, 2017. Retrieved October 29, 2017.
  48. ^ "George Hotz promised to end capitalism in a manic sermon at SXSW". The Verge. March 15, 2016. Archived from the original on October 29, 2017. Retrieved August 31, 2017. Then he met with Elon Musk, who asked him to make a vision solution for self-driving cars that would rival the MobileEye tech Tesla was already working with. Then Musk offered him $12 million (minus $1 million for every month it took Hotz to work on the task).
  49. ^ Kirsten Korosec (December 21, 2015). "Elon Musk Says Tesla Vehicles Will Drive Themselves in Two Years". Fortune. Archived from the original on January 7, 2016. Retrieved January 4, 2016.
  50. ^ "Special order directed to comma.ai". Archived from the original on August 1, 2020. Retrieved October 28, 2016.
  51. ^ Etherington, Darrell (October 28, 2018). "Comma.ai cancels the Comma One following NHTSA letter". TechCrunch. Archived from the original on October 27, 2020. Retrieved January 19, 2020.
  52. ^ "The comma one is cancelled..." Archived from the original on July 27, 2019. Retrieved October 28, 2016.[non-primary source needed]
  53. ^ Lee, Kristen. "The Feds Were Right To Question The Safety Of The $999 Self-Driving Kit". Archived from the original on October 30, 2016. Retrieved October 29, 2016.
  54. ^ "George Hotz is giving away the code behind his self-driving car project". Archived from the original on March 3, 2020. Retrieved May 13, 2017.
  55. ^ "Openpilot github site". Archived from the original on August 4, 2020. Retrieved February 19, 2019.
  56. ^ ai, comma (September 14, 2018). "A message from the new CEO of comma.ai". comma ai. Archived from the original on September 23, 2018. Retrieved September 23, 2018.
  57. ^ "George Hotz". LinkedIn.
  58. ^ Hall, Emme (January 9, 2020). "We hit the road with Comma.ai's assisted-driving tech at CES 2020". Roadshow. Archived from the original on January 10, 2020. Retrieved January 19, 2020.
  59. ^ Baldwin, Roberto (January 13, 2020). "Comma Ai continues to impress with its aftermarket driver assistance tech". Engadget. Archived from the original on January 16, 2020. Retrieved January 19, 2020.
  60. ^ "Archived copy". Archived from the original on January 29, 2020. Retrieved February 1, 2020.CS1 maint: archived copy as title (link)
  61. ^ Society for Science & the Public – Intel ISEF – 2004 Portland SAO Award Winners Archived July 29, 2014, at the Wayback Machine. Societyforscience.org. Retrieved February 16, 2011.
  62. ^ Photos – Intel Science and Engineering Fair 2005 Archived July 7, 2008, at the Wayback Machine. Intel.com. Retrieved April 15, 2011.
  63. ^ Grand Awards Ceremony of the Intel International Science and Engineering Fair 2007. Intel Education. Retrieved August 24, 2007.
  64. ^ (in Swedish) Participants / SIYSS / Verksamhet / Förbundet Unga Forskare – Förbundet Unga Forskare. Web.archive.org (April 23, 2008). Retrieved April 15, 2011.
  65. ^ Tynan, Dan. (March 9, 2008) Meet the Whiz Kids: 10 Overachievers Under 21 – Page 10 Archived December 23, 2015, at the Wayback Machine. PC World. Retrieved April 15, 2011.
  66. ^ Cyberteams duke it out in the World Series of hacking – cnbc.com Archived April 2, 2015, at the Wayback Machine. CNBC. Retrieved November 8, 2013.
  67. ^ NYU-Poly Cyber Security Awareness Week Announces Winners of World's Biggest Student Contests – prnewswire.com Archived March 16, 2015, at the Wayback Machine. prnewswire.com. Retrieved November 18, 2013.
  68. ^ NYU-Poly CMU CyLab PPP and CUPS teams win “Capture the Flag” and “Crack Me If You Can" contests at DEFCON 22 – cylab.cmu.edu Archived April 3, 2015, at the Wayback Machine. cylab.cmu.edu. Retrieved August 20, 2014.
  69. ^ "tomcr00se". SoundCloud. Retrieved February 22, 2021.
  70. ^ cheapeth.org https://cheapeth.org/whalegate.html. Retrieved March 2, 2021. Missing or empty |title= (help)
  71. ^ "ApplyCheapHardFork · cheapETH/go-ethereum@412c384". GitHub. Retrieved March 2, 2021.

External links[edit]