BMW GROUP. SECURITY.
The security of our products and services is top priority for us – so we naturally respect and appreciate the work of security experts in this area. You can also help us by identifying vulnerabilities so we can address them.
If you have found a vulnerability, please contact us using the form below or directly through our BugBounty program at HackerOne.
Notes on how to report vulnerabilities:
- Please refer to our policy on reporting and publishing vulnerabilities and our response times.
- Please submit your report in English or German, if possible.
- Please specify to which website or area you are referring (Asset) and which vulnerability type (Weakness) it is.
- In the case of a report that cannot be assigned to any of the listed assets, please select "Other Vulnerabilities" and note the information on potentially deviating regulations.
- So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
- Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).
Recognition of security experts.
The BMW Group wishes to thank and acknowledge the security experts who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.
We also list a thank you page on HackerOne.
Xie Ziming (@ltdzzzz777)
360 SkyGo Team
Fat Selimi (https://www.linkedin.com/in/fatselimi)
Independent Security Researcher
Ali Kardaslar
Independent Security Researcher
Ignacio Laurence
Independent Security Researcher
Jinay Patel (eth0)
Independent Security Researcher
João Morais
Independent Security Researcher
Danila Parnishchev, Dmitry Sklyar, Radu Motspan, Alexander Korotin,
Alexander Zaytsev, Kirill Nesterov, Gleb Gritsai, Alexey Osipov
AO Kaspersky Lab
Aditra Andri Laksana (@Wayc0de)
Independent Security Researcher
Alejandro Hernandez
IOActive, Inc.
Chi Tran
ctrsec.io
Daniel Bastos
Independent Security Researcher
Denys Vozniuk
Vdoo
Fatih Çelik
Bilishim Cyber Security & Artificial Intelligence
Hakuna Matata
DX Security
Harshal S. Sharma (@thewar10ck_)
Independent Security Researcher
Hoang Quoc Thinh (@g4mm4)
CyberJutsu.IO
Irfan Sayyed
Independent Security Researcher
Ismail Tasdelen
Independent Security Researcher
Jeffrey Hoekema
Independent Security Researcher
Jerem
Independent Security Researcher
Kiran Karnad (@ipentest)
Independent Security Researcher
Lütfü Mert Ceylan
Independent Security Researcher
Mohammed Adam
Independent Security Researcher
Pankaj Kumar Thakur (@Nep_1337_1998)
Independent Security Researcher
Patrick Lang / @0x7YR
Independent Security Researcher
Pethuraj M
Independent Security Researcher
Piyush Patil
Independent Security Researcher
Pranay Bafna
Independent Security Researcher
Priyanka Revar
Independent Security Researcher
Pranshu Tiwari
Independent Security Researcher
Raphael Karger
Independent Security Researcher
Sarvesh Salgaonkar
Independent Security Researcher
SecurityMate (@securitymate)
Independent Security Researcher
Steffin Stanly (@SteffinStanly)
Independent Security Researcher
Subbu Ganesan
Independent Security Researcher
Wai Yan Aung (@waiyanaun9)
Independent Security Researcher
Pavel Cheremushkin, Vladimir Dashchenko, Andrey Muravitsky, Roland Sako
AO Kaspersky Lab
Aditya Yadamreddy & Sandeep Gumadam
Independent Security Researchers
Ahmed Elsadat
Independent Security Researcher
Alex Chepovetsky
Independent Security Researcher
Alexis Laborier
Independent Security Researcher
Alfie Njeru
Independent Security Researcher
Alireza Azimzadeh Milani
Independent Security Researcher
Andi Rrahmani
Independent Security Researcher
Ashiq Mohammed
Independent Security Researcher
Aykut Akar
Independent Security Researcher
Daniel Kalinowski
ISEC.pl Research Team
Dinh Quang Vu and Trung Nguyen (@everping)
CyStack Security
Hsu Myat Noe
Independent Security Researcher
Jinay Patel (eth0)
Independent Security Researcher
Kasper Karlsson
Omegapoint
Krystian Powójski
Independent Security Researcher
Michael Kjeldsen
Independent Security Researcher
Miguel Santareno
Independent Security Researcher
Mohammed Adel
Independent Security Researcher
Mohan Balaji
Briskinfosec
Mustafa Can Ipekci
Independent Security Researcher
Pankaj Kumar Thakur
Independent Security Researcher
Romain 'NERVx' Lechevalier
Cybup
Saeel Relekar
Independent Security Researcher
Safwat Refaat (@Caesar302)
Independent Security Researcher
Shezad Master
Independent Security Researcher
Shakhawat Parvez
SecMiners
Sumit Grover (@sumgr0)
Independent Security Researcher
Syed Abuthahir
Independent Security Researcher
Tinu Tomy
Independent Security Researcher
Umar Ahmed Siddiqui
Independent Security Researcher
Wai Yan Aung
Independent Security Researcher
Wei Xuan Z
Independent Security Researcher
X. Alex Daniel Raj
Independent Security Researcher
KEEN SECURITY LAB
Tencent
CVE-2018-9311; CVE-2018-9312; CVE-2018-9313;
CVE-2018-9314; CVE-2018-9318; CVE-2018-9320;
CVE-2018-9322
SI9INT
Independent Security Researcher
JUSTIN LISTER
Adaptiv Pte Ltd
FLORIAN KUNUSHEVCI
Independent Security Researcher
DIETER SPAAR
on behalf of the ADAC