As of January 1, 2026, the V16 beacon will be mandatory in all vehicles in Spain. The device, promoted by the Directorate General of Traffic (DGT), was created with the aim of reducing accidents and improving road safety by preventing drivers from having to get out of the car in the event of a breakdown or accident. However, as its definitive implementation approaches, risks have come to light that go far beyond visibility or product approval.
A recent technical analysis has raised alarm bells about the digital security of these connected beacons. The problem is not minor: serious cybersecurity flaws could directly affect system reliability and, by extension, driver protection in emergency situations.
What information do beacons transmit and why is it a problem?
The connected V16 beacons, in addition to emitting a light signal, also send data via the mobile network to alert of the presence of a vehicle stopped on the road. This information includes the exact GPS coordinates, technical identifiers of the device and connection parameters.
The risk arises when this data travels without encryption or strong verification mechanisms. According to cybersecurity experts, some beacons transmit this information in plain text, allowing third parties to intercept, alter or even block it. In an emergency context, any failure in the transmission can result in the signal not reaching the traffic systems correctly, leaving the driver unprotected.
Vulnerable communications and potential for interference
One of the most worrisome scenarios is the possibility of spoofing a cell phone station. Using relatively accessible techniques, an attacker could intercept communications between the beacon and the server receiving the alert.
This opens the door to several risks: from preventing the emergency signal from being sent to entering false data about the vehicle’s location. In the worst case, the system could flag a non-existent incident or ignore a real one, generating confusion in traffic management and increasing the danger for whoever is stopped on the road.
The problem of updates and device control
Weaknesses are not limited to data delivery: the remote update system of some beacons also has significant shortcomings. Certain models have been found to activate an internal maintenance Wi-Fi network with identical credentials on thousands of devices, integrated directly into the software.
In turn, updates can be downloaded without encryption or digital signature, which would allow modified or malicious software to be installed. In practical terms, this means that a third party could take control of the device, render it unusable or alter its operation without the driver noticing.
Can someone hack a V16 beacon?
Experts agree that this is not a theoretical scenario, since with relatively affordable equipment and freely available tools, it is possible to intercept communications and manipulate a beacon in a matter of minutes.
While not an everyday threat to the average driver, the fact that the system is vulnerable calls into question its reliability as a mandatory road safety tool. A device designed to save lives should not be susceptible to being disabled or tampered with so easily.
The position of manufacturers and operators
Beacon manufacturers and telecommunications operators argue that the approved devices comply with current regulations and that they operate over private networks designed to minimize risks. They stress that no sensitive personal data is transmitted and that NB-IoT connectivity limits the use of the beacon to functions strictly related to emergencies.
However, independent analysis insists that the problem is not what data is sent, but how it is protected during the device communication and update process.
How this affects driver safety
The real risk to the driver is not in data theft, but in the possibility of the beacon failing when it is needed most. If the device does not send the alert correctly, if the location is wrong or if the signal is blocked, the system loses its raison d’être.
The V16 beacon is intended to reduce roadkill and improve incident response. But if its technical reliability is compromised, the driver may be exposed to a false sense of security, relying on a system that may not perform as expected.
