BMW GROUP. SECURITY.
The security of our products and services is top priority for us – so we naturally respect and appreciate the work of security experts in this area. You can also help us by identifying vulnerabilities so we can address them.
If you discover a vulnerability, please contact us.
Always ensure that your message is encrypted.
You can use our PGP key for this purpose and add your public PGP key in return.
Notes on how to report vulnerabilities:
- Please write your correspondence in English or German, if possible.
- Please provide your name and contact information.
- So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
- Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).
- Common vulnerabilites are excluded.
We will try to respond to your message and provide you with feedback within two to three business days.
Recognition of security experts.
The BMW Group wishes to thank and acknowledge the security experts who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.
Pavel Cheremushkin, Vladimir Dashchenko, Andrey Muravitsky, Roland Sako
AO Kaspersky Lab
Aditya Yadamreddy & Sandeep Gumadam
Independent Security Researchers
Ahmed Elsadat
Independent Security Researcher
Alex Chepovetsky
Independent Security Researcher
Alexis Laborier
Independent Security Researcher
Alfie Njeru
Independent Security Researcher
Alireza Azimzadeh Milani
Independent Security Researcher
Andi Rrahmani
Independent Security Researcher
Ashiq Mohammed
Independent Security Researcher
Aykut Akar
Independent Security Researcher
Daniel Kalinowski
ISEC.pl Research Team
Dinh Quang Vu and Trung Nguyen (@everping)
CyStack Security
Hsu Myat Noe
Independent Security Researcher
Jinay Patel (eth0)
Independent Security Researcher
Kasper Karlsson
Omegapoint
Krystian Powójski
Independent Security Researcher
Michael Kjeldsen
Independent Security Researcher
Miguel Santareno
Independent Security Researcher
Mohammed Adel
Independent Security Researcher
Mohan Balaji
Briskinfosec
Mustafa Can Ipekci
Independent Security Researcher
Pankaj Kumar Thakur
Independent Security Researcher
Romain 'NERVx' Lechevalier
Cybup
Saeel Relekar
Independent Security Researcher
Safwat Refaat (@Caesar302)
Independent Security Researcher
Shezad Master
Independent Security Researcher
Shakhawat Parvez
SecMiners
Sumit Grover (@sumgr0)
Independent Security Researcher
Syed Abuthahir
Independent Security Researcher
Tinu Tomy
Independent Security Researcher
Umar Ahmed Siddiqui
Independent Security Researcher
Wai Yan Aung
Independent Security Researcher
Wei Xuan Z
Independent Security Researcher
X. Alex Daniel Raj
Independent Security Researcher
KEEN SECURITY LAB
Tencent
CVE-2018-9311; CVE-2018-9312; CVE-2018-9313;
CVE-2018-9314; CVE-2018-9318; CVE-2018-9320;
CVE-2018-9322
SI9INT
Independent Security Researcher
JUSTIN LISTER
Adaptiv Pte Ltd
FLORIAN KUNUSHEVCI
Independent Security Researcher
DIETER SPAAR
on behalf of the ADAC
