George Francis Hotz, born on October 2, 1989, is also known as geohot. He is an American computer security expert, business owner, and software engineer. He is recognized for creating tools to modify iOS devices, analyzing the PlayStation 3’s software, and facing a legal case from Sony. From September 2015 to November 2025, he worked for his company, comma.ai, which focuses on vehicle automation using machine learning. Since November 2022, Hotz has been developing tinygrad, a tool used in deep learning.
Education
Hotz attended the Academy for Engineering and Design Technology at the Bergen County Academies, a special public high school in Hackensack, New Jersey. Hotz is a graduate of the Johns Hopkins Center for Talented Youth program. Hotz also briefly studied at Rochester Institute of Technology and Carnegie Mellon University.
Security research
In August 2007, seventeen-year-old George Hotz became the first person reported to remove the SIM lock on an iPhone. He traded his second unlocked 8 GB iPhone to Terry Daidone, the founder of CertiCell, for a Nissan 350Z and three 8 GB iPhones.
In October 2009, Hotz released blackra1n. This tool worked with all iPhone and iPod Touch devices running iOS 3.1.2.
On July 13, 2010, Hotz announced he would stop his jailbreaking activities. He said he felt unmotivated by the technology and unwanted attention. However, he continued to share new jailbreak methods until October 2010.
One of his last works, limera1n, was made public in October 2010.
In December 2009, Hotz shared his plans to break security on the PlayStation 3. On January 22, 2010, he announced he had gained access to the system memory and hypervisor level access to the PlayStation 3’s CPU.
On January 26, 2010, Hotz shared the exploit with the public. On March 28, 2010, Sony said they would update the PlayStation 3’s firmware to remove the OtherOS feature, which was already missing on newer models.
On July 13, 2010, Hotz posted a message on his Twitter account saying he had stopped his efforts.
On December 29, 2010, a hacking group called fail0verflow presented a report at the 27th Chaos Communications Congress. They revealed a mistake Sony made in using ECDSA signatures without sharing the private key. On January 2, 2011, Hotz posted the PlayStation 3’s private key on his website. Later, Sony removed the key after legal action. Sony then asked a court to stop Hotz from sharing more PlayStation 3 exploit information.
Hotz shared his thoughts on the case, including a song about Sony’s “disaster.” Sony asked social media sites like YouTube to provide IP addresses of people who visited Hotz’s pages or watched his videos. PayPal allowed Sony to access Hotz’s PayPal account history, and a judge let Sony view IP addresses of people who visited geohot.com. In April 2011, Sony and Hotz settled the case outside of court, with Hotz agreeing never to hack Sony products again.
In June 2014, Hotz released a root exploit for Samsung Galaxy S5 devices in the US. The exploit used the CVE-2014-3153 vulnerability, discovered by hacker Pinkie Pie. It involved an issue in the futex subsystem that allowed users to gain higher access. The exploit, called towelroot, was a “one-click Android rooting tool.”
Originally made for the Verizon Galaxy S5, the tool was later adapted to work with many Android devices, including the AT&T Galaxy S5, Nexus 5, and Galaxy S4 Active. Updates were added to support more devices. Later Android updates fixed the exploit’s weakness. Samsung released new software to protect against the exploit.
Career
George Hotz earned extra money from donations given by people who supported his work on computer security.
He worked at Facebook from May 2011 to January 2012.
On July 16, 2014, Google hired Hotz to join the Project Zero team. There, he created Qira, a tool used to analyze software programs in real time.
Hotz worked at the startup Vicarious from January to July 2015.
In 2022, after Elon Musk bought Twitter, Hotz joined the company for a 12-week internship. His tasks included fixing Twitter’s search feature and removing a pop-up login screen that appeared for users who were not logged in. After less than five weeks, he left the job, saying, “I appreciate the opportunity, but didn’t think there was any real impact I could make there.”
In September 2015, Hotz started comma.ai to create driver-assistance systems using machine learning. He tested an early version of a self-driving car, an Acura ILX, on California’s Interstate 280. This led to a legal notice from the California Department of Motor Vehicles.
comma.ai originally planned to sell a device called the “comma one” but canceled the plan in October 2016 after the National Highway Traffic Safety Administration asked about its safety standards. A month later, the company released its driving software, openpilot, as free, open-source software.
The company later made hardware devices to run openpilot, including the comma two (2020) and comma three (2021). In November 2020, Consumer Reports rated openpilot higher than other driver-assistance systems, such as Tesla Autopilot, Cadillac Super Cruise, and Ford Co-Pilot 360, especially for how easy it was to use. As of 2025, openpilot works with over 300 car models, and users have driven more than 100 million miles using it.
In October 2022, Hotz stepped down from daily leadership at comma.ai, saying the company had grown beyond the stage where his skills were most needed. He remained on the company’s board but left entirely in November 2025.
In November 2022, Hotz founded tiny corp, a company that works to adapt machine learning tools for hardware devices.
On May 24, 2023, tiny corp announced it raised $5.1 million to build computers for machine learning and create a neural network framework called tinygrad. tinygrad aims to combine the simplicity of Andrej Karpathy’s micrograd framework with the features of PyTorch. It seeks to improve performance through methods like dynamic compilation, combining operations, and a simplified system. tinygrad is currently used to help comma.ai’s openpilot software run on hardware that includes a Snapdragon 845 GPU.
tiny corp also builds the tinybox, a $15,000 AI computer designed for training and running models locally, acting as a personal computing cluster.
Other activities and recognition
Hotz was a finalist at the 2004 Intel International Science and Engineering Fair (ISEF), a science competition for high school students, in Portland, Oregon. His project was called "The Mapping Robot." He was interviewed on the Today Show and Larry King Show. Hotz was a finalist again at the 2005 ISEF competition with his project "The Googler."
In 2007, Hotz competed at the ISEF with a 3D imaging project named "I want a Holodeck." His project won awards and prizes in several categories, including a $20,000 Intel scholarship. He traveled to Sweden to speak about the project at the Stockholm International Youth Science Seminar.
In March 2008, PC World named Hotz one of the top 10 Overachievers under 21.
In August 2013, Hotz attended the DEF CON hacker convention with Carnegie Mellon's Plaid Parliament of Pwning (PPP). PPP won first place in the DEF CON Capture the Flag (CTF) tournament. Later that year, Hotz competed in the 2013 New York University Tandon School of Engineering Cyber Security Awareness Week (CSAW). He worked alone and won first place under the pseudonym tomcr00se. In August 2014, Hotz joined PPP again and won the DEF CON CTF tournament for the second year in a row. The team also won the DEF CON "Crack Me If You Can" tournament.
In 2013, Hotz started making hip hop music on his SoundCloud account, tomcr00se. As of April 2025, he has created 28 original songs and covers.
Hotz also has a Twitch channel where he often streams programming live. As of April 2025, his Twitch channel has more than 83,000 followers.
In February 2020, Hotz founded the cryptocurrency called cheapETH.