Fans of Formula One International auto racing were sent strange messages over the holiday weekend after the sport’s official app was hacked.
Forbes reports that the messages received by users of the F1 app over the July Fourth weekend are believed to be linked to a targeted cyber-attack.
A spokesperson for F1 stated that no customer data is believed to have been compromised during the incident.
Two push notifications were sent out, the first of which, delivered at around 8pm CEST on Saturday, only contained the message “foo.” Programmers have been known to use the metasyntactic variable “foo” as a placeholder for a value that can change, depending on conditions or on information passed to the program.
App users were then sent a not so confusing but more worrying message that read “Hmmmm, I should check my security.. :)”
The unsettling incident, which prompted F1 to launch an investigation, appeared to end there.
Speaking to ESPN, an F1 spokesperson said that probe into the incident “confirms that this targeted attack was limited to the Push Notifications Service.”
The spokesperson went on to say that F1 will “continue to investigate, review and improve safety measures but, at this time, have no reason to believe that any customer data has been accessed during this incident.”
The hack raised some concern among the app’s users. One user, Jonathan Koziel, left a two-star review for the app on July 3 along with the statement: “This review isn’t of the app itself, its [sic] honestly great and it works beautifully though the ads can be annoying. Anyways, [sic] I want to raise a security concern.
“A couple mins before writing this I got a notification that said “Hmmm, you should check your security.. :)” If anyone can get back to me I would greatly appreciate it.”
“While this hack may only have resulted in a mischievous message being sent to users, it certainly had the potential to be much worse,” commented Emsisoft’s Brett Callow.
“In-app messages could, for example, be used to create very convincing phishing campaigns. If a message were well-crafted, users would have little reason to question it. The moral here is really that folks should be suspicious about everything.”
Earlier this year, an augmented reality app operated by the Williams F1 team was disrupted due to a cybersecurity incident.
The team had intended to reveal its 2021 challenger, the FW43B, via the app on March 5, but removed the app from online stores after it was hacked.