July 12, 2026
Could Someone Hack Formula 1 Telemetry?
Every few months, somewhere on Reddit or Twitter/X, the same question resurfaces: could a hacker mess with an F1 car’s telemetry mid-race…
By Alouli Mohamed Zaid
10 min read
Every few months, somewhere on Reddit or Twitter/X, the same question resurfaces: could a hacker mess with an F1 car's telemetry mid-race? Could someone spoof a tire temperature, fake a brake pressure reading, or in the most dramatic version of the story, send a malicious command to the car itself?
It's a great question, and it deserves a real answer instead of a shrug. So this article does three things. First, it explains what F1 telemetry actually is, in plain language. Second, it walks through the realistic attack surface, the places where a motivated attacker could actually cause damage, based on things that have already happened in F1's paddocks. Third, it explains, using publicly documented engineering and regulatory facts, why the live telemetry link itself is an unusually hard target, and what any of this has to teach the rest of us who don't work in motorsport.
One ground rule before we start: everything here is built from publicly available sources, team and FIA statements, industry reporting, and documented incidents. Where I'm inferring something rather than citing it directly, I'll flag it clearly as an assumption.
Part 1: What telemetry actually is
An F1 car carries over 250 sensors, generating roughly 1.1 million data points per second across a race weekend and up to a terabyte of data in total. Those sensors track things like:
- Engine RPM, throttle position, and torque
- Brake temperature and pressure
- Tire pressure and surface temperature
- Suspension travel and chassis loads
- Fuel flow and hybrid energy deployment (ERS)
- Steering angle, g-forces, and driver inputs on the wheel
single, FIA-mandated control unit built by McLaren Applied that every team has used since 2008. Because every car runs the same ECU hardware and firmware, the FIA can log and audit every team equally, which closes off a lot of the "who's cheating with software" arguments that plagued the sport in the 2000s.
From the SECU, the data is compressed, encoded, and pushed out over a dedicated wireless network built specifically for Formula 1 by Formula One Management (FOM) historically based on the WiMAX (802.16) standard, with access points positioned around each circuit forming an overlapping mesh so the signal doesn't drop out as the car moves. That data lands at two destinations at minimum: the team's pit wall, for real-time engineering decisions, and often the team's home factory, where a larger analysis group is watching the same feed. The FIA also receives its own parallel feed for compliance monitoring, checking fuel usage, ERS deployment, and rule compliance in real time.
Part 2: The realistic attack surface
If the live sensor-to-pit-wall link is that hard to touch, where would a realistic attacker actually go? This is where public incident history is genuinely useful, because F1 teams have been attacked — just not in the "car gets remote-controlled" sense.
1. Corporate email and social engineering. This is, by a wide margin, where real F1 cyberattacks have happened. In 2020, ahead of the Emilia Romagna Grand Prix, attackers built a convincing phishing email aimed directly at McLaren Racing CEO Zak Brown, disguised as ordinary business correspondence. It was caught by McLaren's security partner, Darktrace, before Brown ever saw it. Williams Racing has described attackers registering lookalike domains for its email addresses — swapping a lowercase "l" for a capital "L," for instance — to trick staff into believing a fraudulent message came from inside the company. Williams' security team has also described "man-in-the-inbox" style attacks, where a compromised mailbox is used to intercept a real supplier conversation and redirect a payment to a different bank account.
2. Fan-facing apps and marketing infrastructure. In 2021, Williams Racing had to cancel the augmented-reality livery reveal for its FW43B car after attackers compromised the app and defaced it before launch. Separately, the official F1 mobile app was compromised and used to push bizarre, garbled notifications to fans, including messages referencing placeholder code and prompting the sender to "check my security." These incidents show that fan-facing digital products — often built and hosted by third-party vendors — are softer targets than core racing systems.
3. Ransomware and IT infrastructure. Ferrari's IT environment was reportedly hit by the RansomEXX group, which claimed to have exfiltrated internal documents, and Ferrari separately dealt with an NFT scam after a subdomain was compromised. Williams has described weathering a ransomware attempt back in 2014 that was caught early enough on a Friday morning to avoid serious damage — team security staff have noted that had the same attack landed a few hours later, it could have spent an entire race weekend encrypting data undetected. Honda's manufacturing operations were also disrupted by the 2017 WannaCry outbreak, a reminder that motorsport organizations are exposed to the same untargeted malware that hits everyone else.
4. Insider risk and IP leakage (not strictly "hacking," but adjacent). The most consequential data-security failure in F1 history, the 2007 "Spygate" scandal, wasn't a network intrusion at all — it was a Ferrari employee passing roughly 780 pages of confidential technical documents to a McLaren designer. McLaren was fined $100 million and stripped of its constructors' points. It's a useful reminder that "security" in a paddock context is as much about people, contracts, and access control as it is about firewalls.
5. The FIA itself. Even the governing body isn't exempt — the FIA confirmed that two personal email accounts belonging to senior officials were compromised via phishing in 2024. And in July 2024, the global CrowdStrike outage disrupted IT systems at Mercedes, Aston Martin, Williams, and McLaren — a good illustration of how supply-chain and vendor dependencies can hit an entire sport at once, without anyone being "hacked" in the traditional sense at all.
Diagram idea #2 — "F1 Attack Surface Map": a hub-and-spoke diagram with "F1 Team Operations" in the center, and spokes labeled Corporate Email / Executive Accounts, Fan Apps & Marketing Sites, Cloud & On-Prem IT Infrastructure, Third-Party Vendors & Suppliers, Insider Access, and — drawn with a dotted line and a padlock icon to visually indicate "much harder" — Live Trackside Telemetry Link. The dotted line is the point: everything else is a normal enterprise attack surface; the live telemetry link sits in its own, much better-defended category.
Notice the pattern: every documented, real F1 cyber incident happened in the "normal enterprise IT" layer — email, apps, ransomware, insiders — not in the live sensor-to-pit-wall pipeline. That's not a coincidence; it reflects how differently that pipeline is engineered and governed, which is the subject of Part 3.
Part 3: Why the live telemetry link itself is such a hard target
Assume, for a moment, that an attacker specifically wants to interfere with the live race telemetry — not the corporate network, the actual sensor-to-pit data stream during a session. Here's why that's a much harder problem than it sounds, based on what's publicly documented about how the system is built and governed.
It's a closed, purpose-built network, not the public internet. The trackside wireless network is operated by Formula One Management specifically for this purpose, using tightly controlled frequencies at each circuit. There's no public IP address to scan, no open Wi-Fi SSID to associate with, and no standard enterprise protocol stack to fingerprint. An attacker would first need physical proximity to the circuit and specialized RF equipment just to see the traffic exists, which already rules out the vast majority of remote attackers.
Each team's data is encrypted and effectively siloed. Public reporting on F1's technical setup describes team telemetry as encrypted and private, with only the FIA holding parallel access for compliance purposes. Even sitting inside RF range of the circuit doesn't hand an attacker a readable data stream — it hands them ciphertext tied to proprietary team hardware and software they don't have documentation for.
The system has been one-way since the early 1990s, by regulation. This is the detail that kills the most dramatic version of the hacking myth. FIA rules prohibit sending electronic commands to the car; only data-out is permitted. Even a team's own engineers can't push a settings change into the car electronically mid-session — they radio the driver, who flips a physical switch. There is no remote command channel to hijack, because one doesn't exist by design.
Every car runs the same standardized, audited ECU. Since 2008, the McLaren Applied SECU has been mandatory across the grid specifically so the FIA can enforce consistent logging and prevent teams from running undocumented or exotic software on the car itself. That standardization cuts both ways from a security perspective: it removes a lot of team-specific attack surface, and it means the FIA (not any individual team) controls the baseline firmware trust model.
Onboard buffering removes the incentive to attack the live link anyway. Solid-state storage on the car captures the full data set regardless of radio dropouts, so even if an attacker somehow jammed or disrupted the wireless signal, the team would still recover the complete dataset after the session from the car itself. Denial of the live feed is an inconvenience, not a data-destroying event.
Physical and credentialed access is tightly controlled. Paddocks, garages, and pit walls are credentialed environments with FIA and team security present. Reaching the hardware that talks to the SECU, or the pit-wall receivers, generally requires being a badge-holding, vetted member of a team's own technical staff — which is a very different threat model than "attacker anywhere on the internet."
Assumption, clearly labeled: I have not found public documentation of the specific encryption algorithms, key management scheme, or current-generation RF protocol F1 teams use (understandably — that's the kind of detail teams and FOM would treat as sensitive). Where sources refer to "WiMAX" this reflects historically reported architecture; the current-generation trackside network's exact specifications aren't public, and it would be inaccurate to claim more precision than that.
Put together, attacking the live telemetry link isn't just "hard because it's F1" — it's hard because of layered, deliberate design choices: physical proximity requirements, proprietary encrypted RF, no inbound command channel, standardized and audited firmware, and redundant onboard storage that makes disruption pointless. This is closer to attacking a purpose-built industrial control system with strict unidirectional data diodes than it is to attacking a website or corporate network.
Part 4: Lessons for cybersecurity professionals
You don't have to work in motorsport to take something useful from this.
1. Segment by consequence, not just by network. F1 didn't get the telemetry link this hard to attack by accident — regulation forced a one-way architecture specifically because the consequence of compromise (a car behaving unpredictably at 300 km/h) was judged unacceptable at any probability. Ask the same question of your own environment: which systems have consequences severe enough that they deserve a fundamentally different architecture, not just a stricter firewall rule?
2. Standardization is a security control, not just an efficiency play. The mandatory SECU exists mostly for competitive fairness, but it has a security side effect: the FIA can audit one known-good baseline instead of ten different bespoke stacks. Reducing the diversity of your critical-path hardware and firmware, where it makes sense, reduces your audit burden and your attack surface at the same time.
3. One-way data flow is an underused, powerful control. Data diodes and unidirectional gateways are well-established in industrial control and critical infrastructure security, and F1's regulatory ban on car-bound commands is effectively the same idea, enforced by rulebook instead of hardware in most cases. If a system genuinely never needs inbound commands, don't leave the door open "just in case."
4. The human layer is still where real attacks land. Every documented F1 cyberattack — the McLaren CEO phishing attempt, the Williams lookalike-domain and mailbox-interception incidents, the Ferrari ransomware case, the FIA officials' compromised personal accounts — targeted people and processes, not exotic RF hardware. If you're building a security program and have limited budget, phishing resilience and vendor/third-party risk management will usually pay off faster than exotic technical countermeasures.
5. Physical and credential access control is still cybersecurity. Paddock badge control and garage access rules are, functionally, part of F1's cybersecurity posture — they're the reason "get within RF range of the encrypted feed" is already a hard first step for an attacker. Physical security and cybersecurity aren't separate disciplines; they're the same discipline applied to different layers.
6. Redundancy defeats a lot of attacks before they start. Onboard buffering means a disrupted radio link doesn't actually lose F1 teams any data — it's all still on the car. Ask whether your own "real-time" systems have a similar fallback, so that disrupting the live channel is merely an inconvenience rather than the difference between recovering data and losing it.
Conclusion
Could someone hack Formula 1 telemetry? If the question means "could an attacker interfere with a car's live sensor data or send it a command mid-race," the honest, source-grounded answer is: extremely unlikely, by design, a closed proprietary RF network, one-way data flow mandated since the early 1990s, encrypted and siloed team data, standardized audited ECUs, and tight physical access control all stack up against that specific scenario. If the question means "could someone hurt an F1 team through cyberattack," the answer is unambiguously yes and it has already happened repeatedly, just at the level of email, apps, and IT infrastructure rather than the car itself.
That gap between the two answers is the real story here. The most exciting-sounding attack is the least realistic one, and the least glamorous attack surface — an inbox — is exactly where the real damage has occurred. It's a pattern worth remembering well outside of motorsport.
Sources and further reading
- FIA telemetry regulation history and one-way data rule — Formula1-Dictionary.net, "F1 Telemetry: Real-Time Data Systems"
- Standardized ECU (SECU) since 2008, WiMAX trackside network, onboard buffering — MySimRig, "F1 telemetry dissected: from sensor to strategy in milliseconds"
- McLaren CEO phishing attempt and Darktrace partnership; Williams ransomware and lookalike-domain incidents — TechRepublic/RootDaemon, "This is how Formula 1 teams fight off cyberattacks"
- Williams FW43B AR app breach (2021) — ExpressVPN Blog, "The Biggest Cyberattacks in F1 History"; PrivacySavvy, "Formula 1 Cyber Threats and Security Measures"
- Official F1 app compromise and fake notifications — Infosecurity Magazine, "Official Formula 1 App Hacked"
- Ferrari RansomEXX incident and NFT scam, FIA officials' phishing (2024), CrowdStrike outage impact — CBS Austin, "The 'Hidden Driver': Cybersecurity's role during Formula One"
- 2007 McLaren–Ferrari "Spygate" espionage scandal — widely reported contemporaneously and referenced across multiple cybersecurity retrospectives cited above
- General incident roundups and recent (2025) fan-targeted phishing campaigns around Grand Prix weekends — CloudSEK whitepaper, "Cybersecurity Scams Targeting Fans and Teams at the 2025 Belgian Grand Prix"; CyberPress, "Phishing Attacks Hit Fans and Teams of the Belgian Grand Prix"
Author's note: This piece relies entirely on publicly available reporting and team/FIA statements. Anything not directly sourced is explicitly flagged as an assumption. Exact current-generation encryption schemes and RF protocols used by F1 teams are not public information and are not claimed here.