Awarded a bounty for BMW Automotive

Awarded a bounty of $500 for BMW Automotive

Donghyeon Jeong

Overview

Over the past few months, we've been conducting vulnerability research and analysis on BMW vehicles.

The vulnerability described here involves BMW's automotive Ethernet protocol, known as SOME/IP. An attacker could exploit this by crafting and sending malicious Ethernet packets, causing the targeted service to crash and potentially leading to a denial-of-service (DoS) condition.

We responsibly disclosed this vulnerability to BMW and received a $500 bug bounty reward. Additionally, our discovery was officially recognized in BMW's Hall of Fame for the year 2022.

[Figure 2] BMW GROUP HALL OF FAME