A Formula 1 Team Sponsored by a Cybersecurity Firm Was Just Hacked
The Williams FW43B Formula 1 car was leaked on Friday which may not have been such a big deal except that one of its main sponsors is cybersecurity firm Acronis.
"Williams Racing planned to reveal its 2021 challenger, the FW43B, via an augmented reality app later today (5th March). However, sadly, because the app was hacked prior to launch, this will no longer be possible. We have subsequently removed the app from both the Apple App Store and Android Google Play store," wrote Williams in a statement.
"We were very much looking forward to sharing this experience with our fans, particularly during this difficult time when being able to bring in-person experiences directly to our fans is sadly not possible. We can only apologize that this has not been possible."
What makes the matter worse is that Acronis touted its cybersecurity credentials in the recent announcement of the Williams sponsorship.
Serguei Beloussov, CEO of Acronis, said: “We are proud to support one of the most iconic Formula One teams on the grid. With our technology, we’re ensuring the safety, accessibility, privacy, authenticity, and security (SAPAS) of Williams Racing’s workloads, data, applications, and systems. By using this design methodology, we can deliver the highest caliber of cyber protection, keeping the team’s data tamper-free and easily accessible for smooth day-to-day operations. We are committed to working with Williams Racing as they protect their edge with Acronis.”
The hack consisted of users simply extracting a bunch of data from the app including the renders of the FW43B and its new livery. CAD models of the new vehicle were also easily made available. Although we haven't gotten our hands on these files ourselves, chances are, the CAD files included in the app do not include that many "trade secrets" such as detailed engine schematics or anything similar.
Although this does seem a little embarrassing for Acronis, we may want to remember that all firms make mistakes and that the team responsible for the app may not have informed the cybersecurity firm about what exactly goes in the app.
Update: Acronis reached out to IE with the following statement: "This incident occurred external to Williams network and no Williams systems have been affected. The compromise of the AR app, which prevented Williams using it to launch the FW43B livery, was completely outside of Williams Racing's in-house systems and networks which are protected by Acronis."
Williams also reached out with the following statement: "Further to yesterday’s statement, Williams Racing would like to clarify that the compromise of the AR app, which prevented us using it to launch the FW43B livery, was completely outside of Williams Racing’s in-house systems and networks which are protected by leading cybersecurity companies with whom we are proud to partner."
It seems we were right about the cybersecurity firm not having been involved with the app.