Overview
- Security researchers Gal Nagli, Sam Curry and Ian Carroll found a basic “mass assignment” bug that let a normal account gain administrator privileges on the FIA Drivers Categorisation site.
- Using the elevated access, they confirmed they could view passports, licenses, CVs and internal correspondence for drivers, including Max Verstappen, and they say they only captured screenshots as proof.
- The group reported the issue on June 3; the FIA took the portal offline the same day and deployed a comprehensive fix by June 10, according to both sides.
- The federation says no other platforms were affected, affected drivers were notified, data protection authorities were informed, and new security and security-by-design measures were implemented.
- Technical details were publicly disclosed on October 22, days before the Mexico City Grand Prix, focusing attention on cybersecurity risks in a system that reportedly holds records for roughly 7,000 drivers.
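As an added illustration of the "mass assignment" bug class named above (not code from the FIA portal or from the researchers), the sketch below sets a profile-update handler that copies every submitted field onto the account next to one that copies only an allowlist and reports the rest for logging. The `Account` model, the field names and the request body are hypothetical.

```python
# Added example: model, field names and sample body are hypothetical,
# not taken from the FIA portal.
from dataclasses import dataclass, field


@dataclass
class Account:
    user_id: int
    display_name: str
    email: str
    roles: list = field(default_factory=lambda: ["user"])


# Fields a user may change on their own profile (assumed for this example).
SELF_EDITABLE = ("display_name", "email")


def update_profile_vulnerable(account: Account, body: dict) -> Account:
    """Mass assignment: every key in the request body is copied onto the model."""
    for key, value in body.items():
        if hasattr(account, key):
            setattr(account, key, value)  # "roles" is written like any other field
    return account


def update_profile_hardened(account: Account, body: dict):
    """Copy only allowlisted fields; return rejected keys so they can be logged."""
    rejected = sorted(k for k in body if k not in SELF_EDITABLE)
    updates = {}
    for key in SELF_EDITABLE:
        if key in body:
            value = body[key]
            if not isinstance(value, str) or not value.strip():
                raise ValueError(f"invalid value for {key!r}")
            updates[key] = value.strip()
    for key, value in updates.items():  # apply only after all values validated
        setattr(account, key, value)
    return account, rejected


# Constructed request body: a normal profile edit carrying a privileged field.
SAMPLE_BODY = {"display_name": "A. Driver", "roles": ["admin"]}

if __name__ == "__main__":
    a = update_profile_vulnerable(Account(1, "driver", "d@example.test"), dict(SAMPLE_BODY))
    print("vulnerable roles:", a.roles)
    b, rejected = update_profile_hardened(Account(1, "driver", "d@example.test"), dict(SAMPLE_BODY))
    print("hardened roles:", b.roles, "rejected:", rejected)
```

A non-empty rejected list on a self-service endpoint is worth alerting on, since ordinary clients have no reason to send fields outside the allowlist.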