George Hotz | |
---|---|
Born | George Francis Hotz, October 2, 1989, Glen Rock, New Jersey, U.S. |
Other names | geohot, tomcr00se |
Years active | 2007–present |
George Francis Hotz (born October 2, 1989), alias geohot, is an American security hacker, entrepreneur, [1] and software engineer. He is known for developing iOS jailbreaks, [2] [3] reverse engineering the PlayStation 3, and for the subsequent lawsuit brought against him by Sony. From September 2015 onwards, he has been working on his vehicle automation machine learning company comma.ai. [4] Since November 2022, Hotz has been working on tinygrad, a deep learning framework.
Hotz attended the Academy for Engineering and Design Technology at the Bergen County Academies, a magnet public high school in Hackensack, New Jersey. [5] Hotz is an alumnus of the Johns Hopkins Center for Talented Youth program. [6] Hotz also briefly attended Rochester Institute of Technology [7] and Carnegie Mellon University.
In August 2007, seventeen-year-old George Hotz became the first person reported to remove the SIM lock on an iPhone. [8] [9] [10] [11] He traded his second unlocked 8 GB iPhone to Terry Daidone, the founder of CertiCell, for a Nissan 350Z and three 8 GB iPhones. [12]
In October 2009, Hotz released blackra1n. It was compatible with all iPhone and iPod Touch devices running iOS 3.1.2. [13] [14]
On July 13, 2010, Hotz announced the discontinuation of his jailbreaking activities, citing demotivation over the technology and the unwanted personal attention. [15] Nevertheless, he continued to release new software-based jailbreak techniques until October 2010. [16]
In December 2009, Hotz announced his initial intentions to breach security on the PlayStation 3. [17] On January 22, 2010, he announced that he had gained read and write access to the machine's system memory as well as hypervisor level access to the machine's CPU. [18] [19]
On January 26, 2010, Hotz released the exploit to the public. On March 28, 2010, Sony responded by announcing their intention to release a PlayStation 3 firmware update that would remove the OtherOS feature from all models, [20] a feature that was already absent on the newer Slim revisions of the machine. [21]
On July 13, 2010, Hotz posted a message on his Twitter account stating that he had abandoned his efforts. [22]
On December 29, 2010, the hacking group fail0verflow gave a presentation at the 27th Chaos Communication Congress in which they exposed a mistake in Sony's use of ECDSA signatures, without publishing the corresponding private key. Sony used this key to prevent piracy. [23] [24] On January 2, 2011, Hotz posted a copy of the private key of the PlayStation 3 on his website. [25] These keys were later removed from his website as a result of legal action by Sony against fail0verflow and Hotz. In response to his continued publication of PS3 exploit information, Sony applied on January 11, 2011, for a temporary restraining order (TRO) against him in the US District Court of Northern California. [26] [27] [28]
Hotz published his commentary on the case, including a song about the "disaster" of Sony. [29] Sony in turn demanded that social media sites, including YouTube, hand over IP addresses of people who visited Geohot's social pages and videos, the latter being the case only for those who "watched the video and 'documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video'". [30]
PayPal granted Sony access to Geohot's PayPal account contribution transactions, [31] and the judge of the case granted Sony permission to view the IP addresses of everyone who visited geohot.com. In April 2011, it was revealed that Sony and Hotz had settled the lawsuit out of court, on the condition that Hotz would never again resume any hacking work on Sony products. [32]
In June 2014, Hotz [33] published a root exploit for Samsung Galaxy S5 devices used in the US market. [34] The exploit is built around the CVE-2014-3153 vulnerability, [35] [36] which was discovered by hacker Pinkie Pie; it involves an issue in the futex subsystem that in turn allows for privilege escalation. The exploit, known as towelroot, was designated as a "one-click Android rooting tool". [36]
Although originally released for the Verizon Galaxy S5, the root exploit was made compatible with most Android devices available at that time. For example, it was tested and found to work with the AT&T Galaxy S5, Nexus 5, and Galaxy S4 Active. Updates continued to be applied to the root exploit to extend it to other devices running Android. [37] Updates to the Android operating system later fixed the vulnerability the exploit relied on. Samsung officially responded to the towelroot exploit by releasing updated software designed to be immune to the exploit. [38]
Hotz made a meaningful side income from public donations solicited for his security exploits. [9]
Hotz worked at Facebook between May 2011 and January 2012. [39] [40] [9] [41]
On July 16, 2014, Google hired Hotz to work with the Project Zero team [42] where he developed Qira for dynamically analysing application binaries. [43]
Hotz was employed at the startup Vicarious from January until July 2015. [44]
On November 18, 2022, Hotz announced that he had been hired by Twitter for a 12-week internship, with the task of fixing Twitter search as well as removing the pop-up log-in screen displayed to users scrolling without being logged in to an account. [45] On December 20, after less than 5 weeks in the role, he resigned, stating “appreciate the opportunity, but didn’t think there was any real impact I could make there”. [46] [47]
Hotz founded his AI startup, comma.ai, in September 2015. [48] In an interview with Bloomberg, Hotz revealed that the company was building vehicular automation technology based on machine learning algorithms. Hotz built a working self-driving 2016 Acura ILX, which he demonstrated on California's Interstate 280 freeway in a video, [4] resulting in a cease and desist letter from the California Department of Motor Vehicles. [49]
Hotz wanted to sell his technology to Tesla Motors, meeting with CEO Elon Musk. [50] [51] Hotz claims that Musk offered him $12 million (minus $1 million for every month it took Hotz to work on the task) to create a driving system that could replace the Mobileye solution that Tesla used at the time, a claim that Musk disputed. [52] Musk offered advice on Hotz's self-driving car project in a December 2015 interview. [53]
On October 27, 2016, the National Highway Traffic Safety Administration (NHTSA) informed Hotz that the product was legally required to comply with Federal Motor Vehicle Safety Standards, and requested information that would confirm such compliance. [54] A day later, George Hotz tweeted from Shenzhen that the comma one was cancelled. [55] [56] Kristen Lee stated on Jalopnik that the NHTSA was simply trying to open a dialog, and commented: "Instead, they got the worst attitude possible from Silicon Valley: try and regulate us, thought leaders, and we’ll take our ball and go home." [57]
comma.ai open sourced their self-driving car software (called openpilot) on November 30, 2016, emphasizing its intended use for research without a warranty. [58] [59]
On September 14, 2018, comma.ai announced Hotz would become the Head of Research Team for the project, and appointed Riccardo Biasini as the new CEO of the company. [60] He left in March 2019, but returned in May 2019 to become president once again. [61]
On January 7, 2020, comma.ai debuted its $999 comma two ADAS (driver-assist) device at the annual CES tech show in Las Vegas. [62] [63] [64]
On August 23, 2022, comma.ai was sued by patent troll Sucxess LLC. [65] [66]
On October 31, 2022, Hotz said he is taking some time away from comma.ai. [67] [68]
Hotz founded tiny corp on November 5, 2022. tiny corp aims to port machine learning instruction sets to hardware accelerators. [69] [70]
On May 24, 2023, tiny corp announced that they had raised $5.1M to build computers for machine learning and develop a neural network framework called tinygrad. [71] tinygrad, the neural network framework developed by tiny corp, aims to provide a balance between the simplicity of Andrej Karpathy's micrograd framework and the functionality of the PyTorch framework. [72] tinygrad aims to realize performance gains over PyTorch through a number of optimizations, including dynamic compilation, fusing of operations, and a greatly simplified backend. [73] tinygrad is currently used to enable comma.ai's openpilot framework to run on the company's dedicated hardware, which includes a Snapdragon 845 GPU. [74]
Additionally, tiny corp builds the TinyBox, a $15,000 AI computer aimed at local model training and inference, serving as a personal compute cluster. [75]
Hotz was a finalist at the 2004 Intel International Science and Engineering Fair (ISEF), a science competition for high school students, in Portland, Oregon with his project "The Mapping Robot". Recognition included interviews on the Today Show and Larry King Show. [76] Hotz was a finalist at the 2005 ISEF competition, with his project "The Googler". [77]
Hotz competed at the 2007 ISEF where his 3D imaging project, entitled "I want a Holodeck", received awards and prizes in several categories including a $20,000 Intel scholarship. [78] He travelled to Sweden to speak about the project at the Stockholm International Youth Science Seminar. [79]
In March 2008, PC World listed Hotz as one of the top 10 Overachievers under 21. [80]
In August 2013, Hotz attended the DEF CON hacker convention with Carnegie Mellon's Plaid Parliament of Pwning (PPP). PPP placed first in the DEF CON Capture the Flag (CTF) tournament. [81] Later in 2013, Hotz also competed in the 2013 New York University Tandon School of Engineering Cyber Security Awareness Week (CSAW). Working alone, Hotz took first place under the pseudonym tomcr00se. [82] In August 2014, Hotz once again competed as part of Carnegie Mellon's PPP to win the DEF CON CTF tournament for a second year in a row. The team also won the DEF CON "Crack Me If You Can" tournament. [83]
In 2013, Hotz began making hip hop music on his SoundCloud, tomcr00se. As of August 2023, he has made 28 original songs and covers. [84]
Hotz also has a Twitch channel, where he frequently does programming livestreams. As of August 2023, his Twitch channel has over 71k followers. [85]
In February 2020, Hotz founded the cheapETH cryptocurrency. [86]
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
A softmod is a method of using software to modify the intended behavior of hardware, such as computer hardware, or video game consoles in a way that can overcome restrictions of the firmware, or install custom firmware.
Homebrew, when applied to video games, refers to software produced by hobbyists for proprietary video game consoles which are not intended to be user-programmable. The official documentation is often only available to licensed developers, and these systems may use storage formats that make distribution difficult, such as ROM cartridges or encrypted CD-ROMs. Many consoles have hardware restrictions to prevent unauthorized development.
Susan Yvonne Illston is a senior United States district judge of the United States District Court for the Northern District of California. She was nominated by President Bill Clinton and confirmed by the Senate in 1995. She assumed senior status in 2013.
OtherOS is a feature of early versions of the PlayStation 3 video game console, allowing user-installed software, such as Linux or FreeBSD. The feature was removed in system firmware update 3.21, released on April 1, 2010.
An illegal number is a number that represents information which is illegal to possess, utter, propagate, or otherwise transmit in some legal jurisdiction. Any piece of digital information is representable as a number; consequently, if communicating a specific set of information is illegal in some way, then the number may be illegal as well.
The PlayStation 3 system software is the updatable firmware and operating system of the PlayStation 3. The base operating system used by Sony for the PlayStation 3 is a fork of both FreeBSD and NetBSD known internally as CellOS or GameOS. It uses XrossMediaBar as its graphical shell.
The iPod Touch is a discontinued line of iOS-based mobile devices designed and formerly marketed by Apple Inc. with a touchscreen-controlled user interface. As with other iPod models, the iPod Touch can be used as a portable media player and a handheld gaming device, but can also be used as a digital camera, a web browser, for email and messaging. It is nearly identical in design to the iPhone, and can run most iPhone third-party apps from the App Store, but it connects to the Internet only through Wi-Fi and uses no cellular network data, as it lacks a cellular modem.
iOS jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by Apple on devices running iOS and iOS-based operating systems. It is typically done through a series of kernel patches. A jailbroken device typically permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.
Kevin Butler was a marketing character used by Sony Computer Entertainment America as part of their It Only Does Everything (2009–11) and Long Live Play (2011) advertising campaigns for the PlayStation 3 in North America. He starred as the Vice President of various fictitious departments within the PlayStation division of Sony, responding to "Dear PlayStation" queries. Due to the positive reception to the commercials, Sony extended them throughout the remainder of 2010 as well as into 2011. The character was created by Deutsch LA, the advertising agency responsible for the campaign. Deutsch/LA also managed Kevin Butler's Twitter account and wrote his E3 2010 speech. Creative Circus graduates Will Lindberg and Mark Adler were responsible for creating the "Hall of Play" Facebook application to induct PlayStation gamers into the Hall of Play by Kevin Butler.
Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones and tablets. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.
JailbreakMe is a series of jailbreaks for Apple's iOS mobile operating system that took advantage of flaws in the Safari browser on the device, providing an immediate one-step jailbreak, unlike more common jailbreaks, such as Blackra1n and redsn0w, that require plugging the device into a computer and running the jailbreaking software from the desktop. JailbreakMe included Cydia, a package management interface that serves as an alternative to the App Store. Although it does not support modern devices, the websites remain available for compatible devices.
PlayStation 3 Jailbreak was the first USB chipset that allowed unauthorized execution of code, similar to homebrew, on the PlayStation 3. It works by bypassing a system security check using a memory exploit which occurs with USB devices that allows the execution of unsigned code.
greenpois0n is a name shared by a series of iOS jailbreaking tools developed by Chronic Dev Team that use exploits to remove software restrictions on iPhones, iPads, iPod Touches, and Apple TVs. Greenpois0n's initial release in October 2010 jailbroke iOS 4.1, and its second version in February 2011 jailbroke iOS 4.2.1 as well as iOS 4.2.6 on CDMA iPhones. The second generation of the tool, greenpois0n Absinthe, was developed with iPhone Dev Team members and jailbroke iOS 5.0.1 in January 2012, and a second version jailbroke iOS 5.1.1 in May 2012.
Kilpatrick Townsend & Stockton is an American multinational law firm headquartered in Atlanta, Georgia. The firm has twenty-two offices, including U.S. offices in Arizona, California, Colorado, Illinois, New York, North Carolina, Texas, Washington State, and the District of Columbia, and has presence via international offices in Japan, Beijing, Shanghai, and Sweden. The firm is particularly known for its intellectual property practice. Clients have included Google in litigation related to its Google Print product, and Sony in its suit against 21-year-old hacker George Hotz for jailbreaking the PS3.
SCEA v. Hotz was a lawsuit in the United States by Sony Computer Entertainment of America against George Hotz and associates of the group fail0verflow. It was in regards to jailbreaking and reverse engineering the PlayStation 3.
The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 23 days.
Homebrew software was first run on the PlayStation 3 by a group of hackers under the name "Team Ice" by exploiting a vulnerability in the game Resistance: Fall of Man. Following various other hacks executed from Linux, Sony removed the ability to install another operating system in the 3.21 firmware update. This event caused backlash among the hacker communities, and eventually the group Fail0verflow found a flaw in the generation of encryption keys which they leveraged to restore the ability to install Linux. George Hotz (Geohot), often misattributed as the genesis of homebrew on the PS3, later created the first homebrew signed using the private "metldr" encryption key which he leaked onto the internet. Leaking the key led to Hotz being sued by Sony. The court case was settled out of court, with the result of George Hotz not being able to further reverse engineer the PS3.
openpilot is an open-source, semi-automated driving software by comma.ai, Inc. When paired with comma hardware, it replaces advanced driver-assistance systems in various cars, improving over the original system. As of 2023, openpilot supports 250+ car models and has 6000+ users, accumulating over 90 million miles (140,000,000 km).
Hector Martin Cantero, also known as marcan, is a Spanish security hacker and current lead developer on the Asahi Linux project. He is also known for hacking multiple PlayStation generations, the Wii and other devices.
A federal magistrate is granting Sony the right to acquire the internet IP addresses of anybody who has visited PlayStation 3 hacker George Hotz's website from January 2009 to the present. Thursday's decision by Magistrate Joseph Spero to allow Sony to subpoena Hotz's web provider (.pdf) raises a host of web-privacy concerns. Respected for his iPhone hacks and now the PlayStation 3 jailbreak, Hotz is accused of breaching the Digital Millennium Copyright Act and other laws after he published an encryption key and software tools on his website that allow Playstation owners to gain complete control of their consoles from the firmware on up. Sony also won subpoenas (.pdf) for data from YouTube and Google, as part of its lawsuit against the 21-year-old New Jersey hacker, as well as Twitter account data linked to Hotz, who goes by the handle GeoHot.
After a short but rather storied history, infamous PlayStation 3 jailbreaker George "GeoHot" Hotz and Sony Computer Entertainment of America have settled their legal dispute, with a statement on the PlayStation Blog stating the two parties "reached an agreement in principle" around 10 days ago. According to said agreement, Hotz has "consented to a permanent injunction," meaning he super swears he won't do it again (legally speaking, of course), though no other terms are given. We were told by an SCEA rep that the terms of the settlement (beyond what was disclosed) are confidential.
Then he met with Elon Musk, who asked him to make a vision solution for self-driving cars that would rival the MobileEye tech Tesla was already working with. Then Musk offered him $12 million (minus $1 million for every month it took Hotz to work on the task).