Cyberthreats in Formula 1: How safe is the sport?

With Formula 1 becoming more technologically advanced all the time, it’s no surprise that just a single hacker potentially has the capacity to create mayhem in a team.

Teams have been especially careful ever since the 2008 Singapore Grand Prix, when Mark Webber’s Red Bull retired due to a gearbox failure, notably from an electrical interference from what seemed to be an underground line.

The cause of this interference remains today still under debate, however is a warning beacon and a reminder of how careful teams need to be with the potential risk of a hacker which could wreck havoc.

In a world where technology is paramount and so widely used, the threat that was uncovered back in 2008 is only a small part of the picture of what a hacker could truly do if they were to delve deeper into Formula 1 electronics.

Kaspersky’s war on hackers

Anti-virus companies such as Kaspersky work with Ferrari, due to the high risk of interference and the cost if something does go wrong would be huge.

Alexander Moiseev, chief Sales Officer of Kaspersky, acknowledges and understands the ever-expanding sophistication of hackers, and the risk a team would run if they attempted to run a car without guarded protection- theft of data and even the possibility of control of the car being taken over.

screen-shot-2014-09-25-at-12-49-37-e1411645829527
Moiseev: Without protection, the doors are open.

I don’t want to create a black sky, but technically without protection, the doors are open,” Moiseev spoke.

All teams have their own IT departments, they have security and knowledge themselves but protection is fundamental.

“We have done a huge work with Ferrari over a year and a half. We learned a lot to adjust the product and create solutions.

“We did a lot of education in terms of cyber security because their way of seeing threats was different from what we do.

“If they lived without protection, it would be like if you have a perfect home and put no locks on the door. Would it be easy to access it?

A number of the established hacker groups choose to hack in order to obtain money or frighten people, but it is understood that some would be equally happy to take down an F1 team.

If you try to analyse the number of threats and targeted attacks that are happening over a weekend, they are happening because there are more people and bigger crowds – so it is really extreme for our protection system,” he added.

The protection for the team starts at the pit wall and ends up at the tracks and with the factory itself.

“Then of course, the data itself – it is very vulnerable. It is always under attack, the question is how the bad guys will decide to attack it.

However, it is not just external threats that are a worry, there is also the risk of an inside threat- a rival team could be tempted to hack into another’s system in order to gain an advantage.

The worry about the safety of the teams’ data is always a problem in the sport, and this was highlighted in 2007, during the espionage controversy, also known as ‘spygate’.

What was ‘spygate’?

‘Spygate’ involved allegations that McLaren was passed secret technical information from Ferrari, and that Renault was given confidential technical information from McLaren.

The case involved allegations made by the Ferrari against Nigel Stepney, a former employee, a senior McLaren engineer, Mike Coughlan, and his wife about the theft of technical data.

74613311_nigel_stepney_getty
Allegations were made against Stepney, a former Ferrari employee.

After an FIA hearing on 13 September 2007, it was discovered that there was compelling evidence which resulted in several penalties for McLaren. The most important of these were the team’s exclusion from the 2007 Constructors’ Championship and a large fine of $100 million.

Stepney was also sentaced to 20 months in prison.

ECU’s

So, since 2008, all teams have been required to have an ECU, supplied to them by McLaren Applied Technology, and a great endeavour has gone in to ensure that it is safe from potential hackers.

ecu
ECU, McLaren Electronic Systems

The processors within the ECU are supplied by a company called Freescale, an American company that full well understands the past, present and future threats, and has worked hard in order to create an impenetrable system.

We went through a situation 10-15 years ago where we found people were playing with standard ECUs to get them into a vulnerable state [so they could potentially be hacked],” Peter Highton, a man who is largely involved in the F1 side of the company, stated.

The way to do it was to play around with the voltage. So you would drop the voltage very low and bring it back up again, and it would put the ECU into a reset mode. At this point they could put a debugger in and say, ‘oh it is just starting to run code now’.

“So they could hack in before the system had started running properly. What we’ve now done is build into chips to look into strange voltage variations, strange clock variations and tampering. Even there, we have tried to make it as physically difficult as possible to get into it.

“The latest devices, if they see a tamper, will just erase something. There will be nothing to debug.

Problem solved?

Despite all the hard work going into preventing hackers from endangering the sport, it is still a case of remaining one step ahead of the hackers.

Unfortunately for us, with the bad guys there are a lot of guys working with good minds,” Moiseev spoke.

Bad minds in terms of understanding the world but good minds in terms of technology.

“The malware world is really a business, a huge business. But the things they do, the groups they have and the technology they realise, just seeing some samples from what we have on our database, the investment to create such a weapon is huge.

“Some are targeted to release money, some are targeted to scare people – but the investment is huge. Unfortunately, we need to be constantly updated.

As the world is constantly changed and becoming more and more connected, with us being able to connect smartphones to cars, the danger ever-increases with the security of Formula 1.

However, for now, the sport remains clean, as no hacker has yet managed to take control and stop a car, or wipe data from a team.

Even so, although it is not commonly thought about day-to-day for the majority of us, the sport is still vulnerable, and it is thanks to the hard work and dedication of many people that labour to keep Formula 1 safe.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s