"The connected vehicle is a rising target. Like a lot of security professionals, we rely on external partners" to find vulnerabilities, said Michael Gruffke, a cybersecurity engineer with BMW. To establish trust, "you want to find out who you are working with."
Geopolitical rivalries between Western nations and their foes have bled into the digital world. Hacking companies for trade secrets or, potentially, to create havoc or internal chaos has been a cheap and easy tactic for nations such as Russia, North Korea, Iran and China.
"If I wake up and I see millions of vehicles crash due to cyberattacks, I'm going to assume that's a nation-state actor," said Justin Cappos, a computer science professor at New York University's Tandon School of Engineering who has worked on methods for securing vehicles from a cyberattack. "It does require certain facilities that a smaller hacking group wouldn't be able to do."
These scenarios, although largely prospective, play in the background of collaborations across the murky world of cybersecurity experts and hackers, often entangling with concerns that could border on the paranoid and xenophobic.
BMW's work with Keen Security Lab is one of the more high-profile examples of this phenomenon in the industry.
Executives at the German carmaker dismiss concerns over Keen's national origins, citing the researchers' professionalism and reputation in the consumer electronics industry, where the lab has partnered with Silicon Valley heavyweights such as Apple and Google.
In 2016, Keen researchers began studying automotive cybersecurity by . They later undertook the BMW project.
"BMW belongs to the top 5 percent in automotive IT security, which made it a highly challenging task for our sophisticated team," said Samuel Lv, director of Tencent Keen Security Lab, in a statement. The Keen team spent more than a year trying to hack a variety of BMW vehicles, including the i3, X1, 525Li and 730Li.
The eventual collaboration between the two companies is an example of the car industry, fiercely protective of intellectual property, opening up to the security community. That move is what NYU's Cappos said is a "culture shift" and could be the key to making sure vehicles are up to date for constantly evolving cyberattacks.