BMW GROUP. SECURITY.
The security of our products and services is top priority for us – so we naturally respect and appreciate the work of security experts in this area. You can also help us by identifying vulnerabilities so we can address them.
If you have found a vulnerability, please contact us using the form below or directly through our BugBounty program at HackerOne.
Notes on how to report vulnerabilities:
- Please refer to our policy on reporting and publishing vulnerabilities and our response times.
- Please submit your report in English or German, if possible.
- Please specify to which website or area you are referring (Asset) and which vulnerability type (Weakness) it is.
- In the case of a report that cannot be assigned to any of the listed assets, please select "Other Vulnerabilities" and note the information on potentially deviating regulations.
- So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
- Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).
Recognition of security experts.
The BMW Group wishes to thank and acknowledge the security experts who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.
We also list a thank you page on HackerOne.
Pavel Cheremushkin, Vladimir Dashchenko, Andrey Muravitsky, Roland Sako
AO Kaspersky Lab
Aditya Yadamreddy & Sandeep Gumadam
Independent Security Researchers
Ahmed Elsadat
Independent Security Researcher
Alex Chepovetsky
Independent Security Researcher
Alexis Laborier
Independent Security Researcher
Alfie Njeru
Independent Security Researcher
Alireza Azimzadeh Milani
Independent Security Researcher
Andi Rrahmani
Independent Security Researcher
Ashiq Mohammed
Independent Security Researcher
Aykut Akar
Independent Security Researcher
Daniel Kalinowski
ISEC.pl Research Team
Dinh Quang Vu and Trung Nguyen (@everping)
CyStack Security
Hsu Myat Noe
Independent Security Researcher
Jinay Patel (eth0)
Independent Security Researcher
Kasper Karlsson
Omegapoint
Krystian Powójski
Independent Security Researcher
Michael Kjeldsen
Independent Security Researcher
Miguel Santareno
Independent Security Researcher
Mohammed Adel
Independent Security Researcher
Mohan Balaji
Briskinfosec
Mustafa Can Ipekci
Independent Security Researcher
Pankaj Kumar Thakur
Independent Security Researcher
Romain 'NERVx' Lechevalier
Cybup
Saeel Relekar
Independent Security Researcher
Safwat Refaat (@Caesar302)
Independent Security Researcher
Shezad Master
Independent Security Researcher
Shakhawat Parvez
SecMiners
Sumit Grover (@sumgr0)
Independent Security Researcher
Syed Abuthahir
Independent Security Researcher
Tinu Tomy
Independent Security Researcher
Umar Ahmed Siddiqui
Independent Security Researcher
Wai Yan Aung
Independent Security Researcher
Wei Xuan Z
Independent Security Researcher
X. Alex Daniel Raj
Independent Security Researcher
KEEN SECURITY LAB
Tencent
CVE-2018-9311; CVE-2018-9312; CVE-2018-9313;
CVE-2018-9314; CVE-2018-9318; CVE-2018-9320;
CVE-2018-9322
SI9INT
Independent Security Researcher
JUSTIN LISTER
Adaptiv Pte Ltd
FLORIAN KUNUSHEVCI
Independent Security Researcher
DIETER SPAAR
on behalf of the ADAC