Chris Valasek

Principal Autonomous Vehicle Security Architect
Cruise Automation
Pittsburgh, Pa
email: cvalasek [at] gmail [dot] com


Hello, I'm Chris Valasek. I'm currently an autonomous vehicle security architect at Cruise Automation. I'm quite interested in automotive security research, reverse engineering, and exploit development, along with wake surfing and many sports; mainly University of Pittsburgh Athletics, The Pittsburgh Steelers, The Pittsburgh Penguins and The Pittsburgh Pirates. As you can probably tell, I'm originally from Pittsburgh, Pa and currently reside in the city. I've also received a BS in Computer Science from the University of Pittsburgh in 2005. I was the chairman of SummerCon from 2006-2018 (the nations oldest hacker convention). I'm always looking for people to present and discuss interesting topics.

Small Bio
Chris Valasek is a Principal Autonomous Vehicle Security Architect at Cruise Automation. Valasek is regarded for his work in the automotive security arena. Most recently, Valasek was lauded for the remote compromise of a 2014 Jeep Cherokee, whereby he and his research partner obtained physical control of the vehicle. Valasek specializes in reverse engineering and exploitation research. Chris has a B.S. in Computer Science from the University of Pittsburgh.

Advisory Boards
Sexual Health Innovations | Callisto Advisory Board

Technical Mentor -
Environment Charter School
Faculty - Carneige Mellon CISO Executive Program

WIRED MakeTechHuman | Hacking Vehicles for Driver Safety
LinkedIn Next Wave (150 under 35) | LinkedIn Next Wave | Automotive
SC Magazine Top 6 Influential IT Security Thinkers 2013 | SC Magazine REBOOT'13 | Specific
Edward Markey Letter to Car Companies on Cyber Security & Privacy | Letters
Pwnie Judge - 2013 to Current | The Pwnies
2011 Pwnie Awards [Nominated] - Most Innovative Research - Understanding the LFH
2010 Pwnie Awards [Nominated] - Most Innovative Research - Practice Windows XP/2003 Heap Exploitation

Time "Protect Driverless Cars From Hackers"
Al Jazeera "Is your car secure against a hack?"
Fortune "Wired Jeep hack: Don't let stunt storytelling eclipse the message"
CNN Money "What a hacked Jeep looks like on the road"
NPR Marketplace "Imagine your car being hacked...while you're driving it"
The Washington Post "Hacks on the highway"
Wired "Hackers Remotely Kill a Jeep on the Highway—With Me in It"
Vox "The next frontier of hacking: your car"
Marketplace "Marketplace for Monday, January 19, 2015"
The Seattle Times "Seattle-based IOActive is attacking car hacking"
Associated Press "Automakers Aim to Drive Away Car Computer Hackers"
Live Science "Is Car Hacking the Next Big Security Threat?"
Fortune "Car hacking: how big is the threat to self-driving cars?"
IEEE Spectrum "Black Hat 2014: Hacking the Smart Car"
Wired "Hackers Could Take Control of Your Car. This Device Can Stop Them"
DarkReading "The World's Most Hackable Cars"
CNN Money "How hackers could slam on your car's brakes"
Scientific American "Fact or Fiction?: Your Car Is Hackable"
Forbes "DARPA-Funded Researchers Help You Learn To Hack A Car For A Tenth The Price"
ThreatPost "Detecting Car Attacks"
SC Magazine "Top 6 Influential IT Security Thinkers 2013" Specific
WCBS New York "Staying A Step Ahead Of Car Hackers"
NPR Science Friday "Hacking Under the Hood and Into Your Car"
CNN Money "Hackers control car's steering and brakes"
The TODAY Show "Two experts demonstrate carjacking gone digital"
NintendoLife "Weirdness: Hackers Use NES Pad To Drive Car"
MTV Geek! "Here We Have A Guy Driving A Car With A NES Controller"
BBC "Car hackers use laptop to control standard car"
The Sunday Times "Car hackers control steering and brakes using a laptop"
SC Magazine "Car hackers' appearance on the 'Today' show was important because they were on the 'Today' show"
SecurityWeek "Podcast: Car Hacking with Charlie Miller and Chris Valasek"
Forbes "Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video)"
ThreatPost "Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In"
BBC "Viewpoint: Making sense of the Apple ID codes leak"
SearchSecurity "Researcher lauds Windows 8 memory protections"
Softpedia "Chris Valasek: The Windows 8 Heap Manager Is the Most Secure to Date"
SC Magazine [video] "Security and Windows 8"
PCMag - "Number of Macs Infected With Flashback Trojan on the Decline"
Security Watch PCMag - "Flashback: Mac Security Holed by Java"
Security Week - "Mac OS X Malware Builds Botnet More than 550,000 Strong"
ComputerWorld - "Researchers accuse Google of plotting to undercut Firefox"
Forbes - "Browser Study Sheds Light On Firefox's Insecurity (And Google Approves This Message)"
The Register - "Google Chrome is the most secured browser"
The Register - "Whitehats pierce giant hole in Microsoft security shield" - "Security Researcher Joins Accuvant LABS Team"
Computer World - "Microsoft patches URI bug, ancient DNS flaw"
X-Force Blog - [2010 - Updated I no longer work here] I post some things here from time to time

Advisory (ICSA-15-260-01) - Harman-Kardon Uconnect Vulnerability
X-Force Alert 356 - Novell eDirectory Remote Code Execution (Bug used for Blackhat USA '09 Talk)
X-Force Alert 325 - Xvid Codec MBlock Indexing Buffer Overflow
X-Force Alert 304 - Oracle WebLogic Server Apache Connector Overflow
X-Force Alert 309 - Trend Micro ServerProtect Heap Overflow (3)
X-Force Alert 310 - Trend Micro ServerProtect Heap Overflow (3)


"Applied Self-Driving Car Security" , Blackhat USA 2018, August, 2018, Las Vegas, NV, USA [paper]

"Advanced CAN Injection Techniques for Vehicle Networks" , Blackhat USA 2016, August, 2016, Las Vegas, NV, USA [paper]

"If we can make it, we can break it" , Social Good Summit, Sept, 2015, New York, New York, USA

"Remote Exploitation of an Unaltered Passenger Vehicle" , Blackhat USA 2015, August, 2015, Las Vegas, NV, USA [paper]

KEYNOTE: The Connected Car: Security Throwback SecTOR 2014, Oct, 2014, Toronto, Canada

"A Survey of Remote Automotive Attack Surfaces" , Blackhat USA 2014, August, 2014, Las Vegas, NV, USA [paper]
"A Survey of Remote Automotive Attack Surfaces" , DEFCON 2014, August, 2014, Las Vegas, NV, USA

KEYNOTE: Automotive Attacks: Present and Future , ESCAR USA 2014, June, 2014, Ann Arbor, MI, USA

"Car Hacking for Poories", Syscan 2014, April, 2014, Singapore, Singapore [Paper]

"Adventures in Automotive Networks and Control Units", DefCon 21, July, 2013, Las Vegas, NV, USA [Paper] | [Content]
"Adventures in Automotive Networks and Control Units", H2HC 2013, October, 2013, Sao Paulo, SP, Brazil
"Adventures in Automotive Networks and Control Units", CounterMeasure 2013, November, 2013, Ottawa, Ontario, Canada

"Windows 8 Heap Internals", Blackat USA 2012, July, 2012, Las Vegas, NV, USA [Paper] [Slides]

"Heaps of Doom", Syscan Singapore 2012, April, 2012, Singapore, Singapore

"Browser Security Comparison: A Quantitative Approach", Browser Security Comparison, December, 2011

"Modern Heap Exploitation using the Low Fragmentation Heap", Infiltrate, April 2011, Miami, Florida [Prezi]
"Modern Heap Exploitation using the Low Fragmentation Heap", CONFidence, May 2011, Krakow, Poland
"Modern Heap Exploitation using the Low Fragmentation Heap", ph-netural, May 2011, Berlin, Germany

"Exploitation in the Modern Era", Blackhat USA 2011, March 2011, Barcelona, Spain [Prezi]

"Understanding the Low Fragmentation Heap: From Allocation to Exploitation", Blackhat USA 2010, July 2010, Las Vegas, Nv [Video] [Paper] [Slides]

"The Evolving Threat Landscape", Secure IT Conference 2010, March 2010, Los Angeles, Ca

"Practical Windows XP/2003 Heap Exploitation", Black Hat USA 2009, August 2009, Las Vegas, Nv [Paper] [Slides]

"IDS/IPS Security Lifecycle", Guest lecturer to Michael Hunter, CS 4235 Introduction to Information Security, July 2009, Atlanta, Ga

"Reverse Engineering 101", Guest lecturer to Mustaque Ahamad, Security Laboratory, October 2008, Atlanta, Ga

"Introduction to Vulnerability Analysis", Guest lecturer to Mustaque Ahamad, CS 6265 Security Laboratory, November 2007, Atlanta, Ga

"Introduction to Vulnerability Analysis", Phreaknic 11, October 2007, Nashville, Tn

Blog roll...
Halvar Flake - BinDiff puts everything else to shame
Dino Dai Zovi - Exploit perfectionist
Ero Carrera - Zynamics crew
Ilfak Guilfanov - IDA Pro and HexRays, need I say more
FX / Recurity - Knows more about IOS than Cisco
TAoSSA - I have the unfortunate pleasure of working with all three of these jerks (** Update, I now only work with one of these jerks **) (*** Update 2: I no longer work with any of these jerks :( ***)
Google Reader - My google reader subscriptions