George Francis Hotz (born October 2, 1989), alias geohot, is an American security hacker, entrepreneur, and software engineer.
He is known for developing iOS jailbreaks, reverse engineering the PlayStation 3, and for the subsequent lawsuit brought against him by Sony.
2007
In August 2007, seventeen-year-old George Hotz became the first person reported to remove the SIM lock on an iPhone.
He traded his second unlocked 8 GB iPhone to Terry Daidone, the founder of CertiCell, for a Nissan 350Z and three 8 GB iPhones.
2009
In October 2009, Hotz released blackra1n.
It was compatible with all iPhone and iPod Touch devices running iOS 3.1.2.
In December 2009, Hotz announced his initial intentions to breach security on the PlayStation 3.
2010
On July 13, 2010, Hotz announced the discontinuation of his jailbreaking activities, citing demotivation over the technology and the unwanted personal attention.
Nevertheless, he continued to release new software-based jailbreak techniques until October 2010.
On January 22, 2010, he announced that he had gained read and write access to the machine's system memory as well as hypervisor level access to the machine's CPU.
On January 26, 2010, Hotz released the exploit to the public.
On March 28, 2010, Sony responded by announcing their intention to release a PlayStation 3 firmware update that would remove the OtherOS feature from all models, a feature that was already absent on the newer Slim revisions of the machine.
On July 13, 2010, Hotz posted a message on his Twitter account stating that he had abandoned his efforts.
On December 29, 2010, hacking group fail0verflow did a presentation at the 27th Chaos Communications Congress where they exposed a mistake of Sony in their usage of ECDSA signatures without publishing the corresponding private key.
This key was used by Sony to prevent piracy.
2011
On January 2, 2011, Hotz posted a copy of the private key of the PlayStation 3 on his website.
These keys were later removed from his website as a result of legal action by Sony against fail0verflow and Hotz.
In response to his continued publication of PS3 exploit information, Sony filed on January 11, 2011, for an application for a temporary restraining order (TRO) against him in the US District Court of Northern California.
Hotz published his commentary on the case, including a song about the "disaster" of Sony.
Sony in turn has demanded that social media sites, including YouTube, hand over IP addresses of people who visited Geohot's social pages and videos, the latter being the case only for those who "watched the video and 'documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video".
PayPal granted Sony access to Geohot's PayPal account contribution transactions, and the judge of the case granted Sony permission to view the IP addresses of everyone who visited geohot.com.
In April 2011, it was revealed that Sony and Hotz had settled the lawsuit out of court, on the condition that Hotz would never again resume any hacking work on Sony products.
Hotz worked at Facebook between May 2011 and January 2012.
2014
In June 2014, Hotz published a root exploit software hack for Samsung Galaxy S5 devices used in the US market.
The exploit is built around the CVE-2014-3153 vulnerability, which was discovered by hacker Pinkie Pie, and it involves an issue in the futex subsystem that in turn allows for privilege escalation.
The exploit, known as towelroot, was designated as a "one-click Android rooting tool".
Although originally released for the Verizon Galaxy S5, the root exploit was made compatible with most Android devices available at that time.
For example, it was tested and found to work with the AT&T Galaxy S5, Nexus 5, and Galaxy S4 Active.
Updates continued to be applied to the root exploit to increase its capabilities with other devices running Android.
Updates to the Android operating system closed the source of the exploit.
Samsung officially responded to the towelroot exploit by releasing updated software designed to be immune from the exploit.
Hotz made a meaningful side income from public donations solicited for his security exploits.
On July 16, 2014, Google hired Hotz to work with the Project Zero team where he developed Qira for dynamically analysing application binaries.
2015
From September 2015 onwards, he has been working on his vehicle automation machine learning company comma.ai.
Since November 2022, Hotz has been working on tinygrad, a deep learning framework.
He attended the Academy for Engineering and Design Technology at the Bergen County Academies, a magnet public high school in Hackensack, New Jersey.
Hotz is an alumnus of the Johns Hopkins Center for Talented Youth program.
Hotz also briefly attended Rochester Institute of Technology and Carnegie Mellon University.
Hotz was employed at the startup Vicarious from January until July 2015.
On November 18, 2022, Hotz announced that he had been hired by Twitter for a 12-week internship, with the task of fixing Twitter search as well as removing the pop up log-in screen displayed to users scrolling without being logged in to an account.