Spying, sabotage, and leaks: The cyber threats within Formula One

Privacy news
10 mins
Picture of a McLaren Formula One car on top of digital code

The engines are revving, the teams are prepping, and the tension is mounting. As the 2023 Formula 1 season gears up for its start on March 5, drivers, teams, and organizers aren’t just preparing for on-track battles. They’re also facing a new and growing concern: cybersecurity.

Cyber threats against Formula One teams

From the design of the cars to the performance of the engines, every aspect of F1 is optimized for speed and efficiency. But with its reliance on technology comes its vulnerability to cyberattacks.

Many of the cyber threats that F1 teams face are similar to the ones organizations around the world battle constantly—such as phishing attacks attempting to steal usernames, passwords, and other sensitive information, or the constant threat of ransomware. Others are more sinister and involve spying or deliberate data leaks.

  1. Cyber espionage: With so much valuable data and intellectual property at stake, teams are constantly trying to gain an edge over their rivals. A cyberattack that allows one team to spy on another could compromise this information and give them an unfair advantage.
  2. Data breaches: F1 teams and the FIA, the sport’s governing body, collect and store vast amounts of data—including race telemetry, driver performance metrics, and strategic information about car design and development. A cyberattack that targets this data could result in the serious loss of sensitive and valuable information. 
  3. Intellectual property theft: F1 teams invest significant resources in designing and developing their cars and related technology. A cyberattack that steals intellectual property could give a rival team a shortcut to success, and reduce the value of a team’s investment.
  4. Malware attacks: Malware is malicious software that infects computers, networks, and other digital devices, and can be used to steal sensitive data such as race strategies, financial information, and intellectual property. Malware can also be used to disrupt the operations of F1 teams and their partners.
  5. DDoS attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a website or online service with traffic in an attempt to render it inaccessible. DDoS attacks targeting F1 websites or services could disrupt fans’ access to live streams and race results, as well as cause reputational damage to teams and sponsors.
  6. Insider threats: These types of threats involve an individual with legitimate access to an organization’s systems or data, who intentionally or unintentionally causes harm. For example, an insider threat could come from a disgruntled employee or an unscrupulous contractor who leaks sensitive race data to competitors or the media.

If any one of the abovementioned attacks is successful, they could cause chaos on the F1 track because so many systems and devices are connected to the network. Unfortunately for some teams, they’ve experienced these negative consequences first-hand. 

Biggest cyberattacks and data breaches in F1 history

Over the years, there have been a handful of high-profile cyberattacks and acts of sabotage on F1 teams and drivers, resulting in leaked confidential data, disrupted operations, and hefty financial losses.

Spygate: data leak from Ferrari to McLaren (2007)

In 2007, McLaren was caught up in a major espionage scandal. A Ferrari engineer named Nigel Stepney—who was once part of Michael Schumacher’s “Dream Team”—was found to have leaked technical information to McLaren’s chief designer, Mike Coughlan. The information included design drawings, testing data, and even the team’s radio codes, and was allegedly used to improve the performance of McLaren’s cars. 

Stepney apparently hacked into Ferrari’s computer systems and stole 800 pages worth of technical data, which was then passed on to Coughlan. As a result, McLaren was fined 100 million USD (the largest fine in sporting history) and excluded from the 2007 Constructor’s Championship. Both Coughlan and team principal Ron Dennis were forced to resign. Stepney was handed a suspended prison sentence and a 640 USD fine for his role in the scandal. 

Hamilton’s Twitter overshare (2012)

Lewis Hamilton caused a stir on social media when he posted confidential pictures of his and race winner Jenson Button’s qualifying telemetry for the Belgium Grand Prix on Twitter. 

At the time, the seven-time world champion was complaining about what he saw as unfair treatment by his team, McLaren, compared with that towards his teammate. He believed that Button was receiving preferential treatment in terms of car setup and that this was putting him at a disadvantage.

The telemetry data that Hamilton posted on Twitter showed the differences in the setup of his and Button’s cars, and he used it to illustrate his point. However, the move was highly controversial, with many criticizing Hamilton for breaching the trust between driver and team by leaking the data.

Of the incident, Button said: “We work so hard to improve the car and to keep things like that private. I didn’t want to see it on Twitter.” 

Marussia and the Trojan virus (2014)

After a Marussia engineer accidentally downloaded a Trojan-type virus onto the F1 team’s computer system, they lost an entire day of testing data during the winter testing session in Bahrain in 2014. This resulted in Marussia starting the season on the back foot, likely contributing to their poor performance.   

Also, while the virus only affected the team’s servers and not the car itself, it did raise questions about the possibility of an F1 car being hacked while on the track. 

Mercedes’s data theft saga (2015)

Mercedes sued one of its former engineers, Benjamin Hoyle, after he allegedly stole trade secrets and technical information from the Mercedes F1 team before his planned move to Ferrari the following year, with the intention of giving the Italian team a competitive advantage. 

At the time, Mercedes was on track to win the Constructor’s Championship title for the second time in a row (the Silver Arrows remained undefeated from 2014-2020), making Hoyle’s alleged betrayal even more damning. 

Hoyle apparently accessed and recorded engine mileage, damage, and raw data from the 2015 Hungary Grand Prix. He was caught after Mercedes learned that he saved the data on his personal computer, with Hoyle reportedly attempting to delete it to cover his tracks. He was subsequently dropped by Ferrari and barred from working in F1 by the FIA. 

Honda hit by WannaCry ransomware attack (2017)

The Japanese car manufacturer was hit by the widespread WannaCry ransomware attack, which affected its computer systems in Europe, North America, and Japan. The ransomware cryptoworm—allegedly created by Lazarus Group—encrypted the files on all of Honda’s older production line computers, making user access impossible. The hacking group demanded Bitcoin in exchange for decryption. 

At the time, the attack impacted a number of Honda’s operations, forcing the company to temporarily shut down production at several facilities—including its Sayama plant, which is responsible for the F1 engines it supplied to Red Bull-owned teams. Fortunately, none of the races were affected as a result of the attack. 

Data breach at Renault Sport by hacker group (2017)

Another notable example of a cyberattack in F1 occurred when the Renault Sport F1 team was targeted by hackers who managed to gain access to their confidential technical and strategic data, which was instrumental in developing their tactics and game plan.

Upon investigation, the attack was traced back to a group of hackers located in Eastern Europe who wanted to sell the stolen data to rival Formula 1 teams—which could have been a potentially devastating blow to Renault. 

While no data was said to have been leaked, in response to the attack, the FIA urged teams to step up efforts to boost their cybersecurity.  

Racing Point’s brake duct copycat controversy (2020)

In 2020, Racing Point was accused of illegally copying the brake ducts of Mercedes’s championship-winning car from the previous year. The FIA launched an investigation after complaints were made by rival teams. Racing Point was found guilty of breaching regulations relating to the use of listed parts, and the team was fined 427,000 USD and docked 15 championship points. 

The incident raised questions about whether Racing Point gained unauthorized access to Mercedes’s digital designs—with some critics suggesting it was a form of cyber espionage. 

Williams’s augmented-reality reveal disrupted by cyberattack (2021)

Williams Racing suffered a major cyberattack that caused disruptions to the unveiling of the F1 team’s new livery for its FW43B car, which was planned to be presented to fans through an augmented reality app. 

As a result of the breach, Williams was forced to take down its app and cancel the launch, presenting the new car via a series of images instead. The team also released a statement acknowledging the breach, reassuring fans that the team was working to improve its cybersecurity measures.

Formula 1 app sends fans cryptic notifications (2021)

Racing fans around the globe were sent a range of bizarre push notifications after the official F1 mobile app was hacked. The notifications contained a mix of letters, numbers, and symbols, which appeared to be random. The first read, “foo” which is a placeholder name from program elements often used by programmers when sharing sample code with others. Another more cryptic message read: “Hmmmm, I should check my security.. :)”

The incident was quickly rectified and F1 issued an apology to assure users that the targeted attack was limited to the Push Notification Service, and that it had no reason to believe that any customer data had been accessed. 

Ferrari faces ransomware attack and NFT scam (2022) 

After dropping Kaspersky as a cybersecurity partner and long-time sponsor, the Italian team suffered a cyberattack. According to reports, internal documents were stolen by a ransomware group called RansomEXX, which claimed that it also took datasheets, manuals, and 7 gigabytes worth of other information. 

The attack followed an earlier threat on Ferrari, when the car manufacturer announced its plans to craft non-fungible tokens (NFTs). A subdomain of the famous brand was compromised and used to host an NFT scam several months after the official announcement was first made before it was identified and taken down. 

How F1 teams are fighting cyberattacks 

As data breaches and digital threats become more frequent and sophisticated, cybersecurity has become a major concern for F1 teams and organizers. So it only makes sense that they’ve invested in new technologies and systems to protect their data and networks—going so far as to bring cybersecurity companies on board as key sponsors.

For example, just a few days prior to the Emilia Romagna Grand Prix in 2020, the 13th race of the season, hackers created a sophisticated phishing email. According to Chris Hicks, group CIO at McLaren, it was directed at Zak Brown, the CEO of McLaren, and disguised to look like a business-related email—but it contained a malicious link. 

Despite the best efforts of the hackers, the email went straight to Brown’s junk mail thanks to McLaren fending off the attack using technology supplied by Darktrace—the team’s official cybersecurity partner. 

And McLaren isn’t alone. As cybercriminals get more advanced, and competition between teams remains rife, other F1 teams have followed suit and adopted similar cybersecurity measures to protect their systems and data.

Here are a few of the ways that some F1 teams claim they thwart cyberattacks: 

  • Securing endpoints: Ensuring that the cybersecurity of an F1 team is strong enough to protect against threats starts with securing the endpoints—the laptops, tablets, and other devices that members of staff use on a daily basis.
  • Data encryption: Encryption ensures that if someone intercepts data, they won’t be able to read it without the appropriate decryption key. 
  • Firewall protection: Firewalls filter incoming and outgoing network traffic based on predetermined security rules, preventing cybercriminals from gaining unauthorized access to F1 team systems and networks.
  • Multi-factor authentication (MFA): MFA adds an extra layer of security to accounts and systems, requiring users to provide multiple forms of identification, such as a password and a unique code sent to their mobile device.
  • Employee training: Cybersecurity training helps raise awareness among teams of potential threats and how to prevent them. This training includes information on phishing scams, social engineering attacks, and other types of cyberattacks.
  • Network Segmentation: Network segmentation isolates critical systems and data from other parts of an F1 team’s networks, preventing a breach of one system from compromising another.
  • Vulnerability scanning and penetration testing: Regular vulnerability scanning and penetration testing help identify and address potential weaknesses in an F1 team’s network, system, and applications.
  • Third-party security assessments: Along with their key cybersecurity sponsors, some F1 teams engage third-party security firms to perform security assessments and audits to identify vulnerabilities and provide recommendations for improving security.

Learn how to watch every F1 race live stream during the 2023 season


FAQ: Formula 1 cybersecurity

Who sponsors F1 cybersecurity?
What technology is used in Formula 1 cars?
Who is Red Bull’s F1 cybersecurity partner?
Who is Ferrari’s cybersecurity partner?
Who is Mercedes’ cybersecurity partner?
stream on smart tvs and phones
Best VPN for smart TVs and streaming devices
What is a VPN?
Stream with a VPN on smart TVs, phones, and more
Best VPN for smart TVs and streaming devices
Learn how to stream to the big screen
I like hashtags because they look like waffles, my puns intended, and watching videos of unusual animal friendships. Not necessarily in that order.