Garrett Miller
About
Security engineer with an interest in zero-trust security architecture, trusted device access, and Identity & Access Management (IAM). Background in digital forensics, incident response, and offensive security.
Interests
- Embedded/Single-Board Computing
- Wireless/Mobile Security
- Penetration Testing
- Digital Forensics
- Photography
Research & CVEs
Security Vulnerabilities in IoT Devices (2018-2020)
- Security Vulnerabilities in Meross MSS110
- CVE-2018-6401: Details - Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.
- CVE-2018-6402: Details - Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an “Evil Twin” attack.
- CVE-2018-10544: Details - Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.
Deauth Star: Attacking Wireless Surveillance Devices (2015-2016)
Future Implications of GPU Acceleration on Present Cryptographic Standards (2010-2011)
- Undergraduate Thesis
- Explored how then-novel GPU acceleration of cryptographic algorithms could impact current security and cryptographic standards.