Mr. Miller and Mr. Valasek will work in Uber’s offices in Pittsburgh, where the company has based its self-driving car and robotics research. In a statement, Uber said the two men would work closely with Joe Sullivan, Uber’s chief security officer, and John Flynn, the chief information security officer, to “continue building out a world-class safety and security program at Uber.”
The potential for breaches is escalating as cars transform into Internet-connected computers. A report from Verizon last November found that 14 car manufacturers accounted for 80 percent of the worldwide auto market, and each one has a connected-car strategy. Security experts say one remote hacking of an Uber vehicle could spell disaster for the ride-hailing company.
Mr. Miller and Mr. Valasek have made car hacking a focus. In August, the two demonstrated at the Black Hat and Def Con hacking conferences a way to control hundreds of thousands of vehicles remotely. Over the Internet, they were able to track down cars by their location, see how fast they were traveling and manipulate their blinkers, lights, windshield wipers, radios and navigation and, in some cases, control their brakes and steering.
Mr. Miller, a former “global network exploitation specialist” for the National Security Agency, most recently worked at Twitter. He was hired there after making a name for himself by exploiting Apple- and Android-powered devices.
“I’ve been in security for more than 10 years, and I’ve worked on computers and phones. This time, I wanted to do something that my grandmother would understand. If I tell her, ‘I can hack into your car,’ she understands what that means,” Mr. Miller said in an interview last month.
“Also, I drive cars,” Mr. Miller added. “I would like them to be safe.”
In 2013, they described how they were able to take control of a Ford and a Toyota by plugging in a diagnostic port that could manipulate the speed and steering of the vehicles. Car manufacturers were not so concerned, given that someone would need physical access to the car to take control, and that just as much harm could be inflicted with a knife to the tires.
So the two instead focused on gaining remote access to cars, and discovered a vulnerability in a hardware chip that connected Fiat Chrysler cars to the Internet. From there, they discovered a way to crawl into another hardware chip that controlled the vehicles’ electronics, as well as its locks, windshield wipers, speedometer, lights and blinkers. Depending on how fast the driver was going, they could even engage and disengage the brakes and steering.
Last month, Fiat Chrysler issued a recall of 1.4 million vehicles after Mr. Miller and Mr. Valasek revealed the vulnerability.
Uber’s Advanced Technology Center, the name of its center in Pittsburgh, works on mapping, vehicle safety and autonomy, according to Uber’s website. The group works on developing safe critical software and hardware systems, analyzes system defects and identifies security problems. The company has said its autonomous car research is in its very early stages, and has said it considers the initiative a long-term bet.