article featured image


Over the July 4th weekend, on the eve of the Austrian Grand Prix, racing fans worldwide received some very odd push notifications from the official Formula 1 app. Apparently, these notifications are linked to a targeted cyberattack.

Users received two messages. The first simply read “foo”, which is a placeholder name for program elements often used by programmers when sharing sample code with their peers. Although it was strange, the message was hardly considered alarming.

The second text was a bit more startling: “Hmmmm, I should check my security.. 🙂

f1 push notifications heimdal security news

Image Source: The Register

As reported by Forbes, it appears that the pair of unauthorized messages was the extent of the attack. According to an F1 spokesperson, their investigation confirms that this targeted attack was limited to the Push Notifications Service.

Although the statement should be reassuring to F1 app users, it’s possible that something shadier is actually happening. There is the possibility that a threat actor was looking for entry points into more sensitive systems.

The other option would be that a white hat hacker was looking for vulnerabilities. Nevertheless, as Lee Mathews reports, the target would have received some sort of notification so that any vulnerabilities that were found could be addressed before they were exploited by threat actors.

Recently, push notifications have proved a problem for some of the higher-profile services, including video slinger HBO Max who sent out an “Integration Test Email” notification just last month. The email sent by HBO was delivered through Sendgrid, a popular email marketing platform used by many companies, and it was likely a marketing test that got blasted out to all registered HBO Max accounts by mistake.

In the case of Formula 1, the company appears to have been the victim of miscreants prodding the outfit’s defenses, which could be anything from a vulnerable service to a poorly secured device.

F1 and users of the F1 mobile app are fortunate that there weren’t any cryptocurrency scams, phishing attacks, or malicious links involved.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

Leave a Reply

Your email address will not be published. Required fields are marked *