Bad Security Stories, Volume I: The Big 12 Still Has No Idea If Their Football Coach-to-Player Communications Were Actually Compromised

Your humble author is starting a new Sniff Wi-Fi blog series today: Bad Security Stories

Yours truly may not be the second coming of Bruce Schneier -- though from what I've read of Schneier's I like his vibe -- but all these years of sniffing (and working in Wi-Fi in general) have led to me picking up a fundamental understanding of communications and data security. So let's blog about it!

A college football cheating scandal -- or at least, the potential for one -- was recently uncovered and resolved in a matter of three days. To steal a quote from a memorable-but-not-to-be-described-in-polite-company scene in the film Tommy Boy... hmm, that's a mystery.


A quick primer:

Throughout last year's college football season, there were several accusations of 'sign-stealing'. Sign-stealing involves comparing the hand signals, posters and other 'signs' used by football coaches to signal to their players what formation and/or orchestrated 'play' to run.

For the 2024 college football season, most conferences (groups of universities which compete against one other in football) adopted wireless coach-to-player communication.

Since coach-to-player communication is one-way communication, more advanced wireless technologies like Wi-Fi and 5G/cellular were not needed (read: too expensive). So the conferences settled on simple wireless communications over unlicensed frequencies; similar to an old-fashioned walkie-talkie.

You can probably see where this is going... Lots of one-way wireless communication is unencrypted, and it turns out that was exactly the case for almost all the big college football teams.

Now, if you know anything about sniffing -- and your humble author would like to think he knows a thing or two -- then you know that 3rd party wireless sniffing in undetectable. Be it a Wi-Fi network, cellular networks or (in this case) college football coach-to-player communications; a 3rd party can sniff without a trace as long as four conditions are satisfied:
  1. The eavesdropper must be within radio frequency range of the transmitter.
  2. The eavesdropper must have a device tuned to the same frequency(ies) as the transmitter.
  3. The eavesdropper's device must support the communication protocol -- what us Wi-Fi folks call 'modulation and coding scheme', or MCS -- of the transmitter
  4. The eavesdropper must know the receiver's encryption key(s), or... the wireless communications must be unencrypted.
Just going through the list... anyone in the stadium would be within range (especially if they snuck in a directional antenna), the frequencies being used were well-known, the same protocols were used by every team's headsets & helmet speakers, and -- based on ESPN's initial reporting of the breach -- the communications were unencrypted. 

4 for 4! We had a definite, documented case of coach-to-player communications being vulnerable to wireless eavesdropping; apparently to anyone in possession of an over-the-counter police scanner! And... if said eavesdropping did happen, it could not possibly be proven or disproven because (again) 3rd party wireless sniffing is undetectable.

That is bad. But honestly, it would not qualify as a Sniff Wi-Fi 'Bad Security Story' on the aforementioned facts alone. Mistakes happen. Unencrypted wireless happens. We don't want to highlight missteps unless there is a significant level of malice or negligence or deception involved... which, in this case, there is.

Just three days after the initial report of Texas Tech -- a relatively strong football team in the Big 12 conference -- asking for an investigation into whether two rival teams might have used non-public knowledge of unencrypted wireless coach-to-player communications to gain an advantage, the Big 12 conference came out with a statement: "At no point was any Big 12 competition compromised."

WHAT??!?!?

How on Earth would the Big 12 conference know that no malicious sniffing occurred? There were tens of thousands of people in the building. Coaching staffs for two Big 12 schools which were privately made aware of unencrypted coach-to-player communications in late Septempber -- Baylor and Texas Christian (TCU) -- were allowed in stadiums without their possessions and person searched for scanners. There are literally countless scenarios where a bad actor could have 'compromised' a Big 12 football game without anyone having any clue it was happening because -- say it with me -- 3rd party wireless sniffing is undetectable

That, my friends, is a Bad Security Story. It is one thing to have a known vulnerability. I don't think it's a reach to say literally everyone reading this blog has, at one point or another, communicated across a platform that was eventually found to have some sort of security limitation and/or flaw. 

But to pretend there was no hack just because no evidence of a hack exists?? That's Flat-Earthing my friends. (Flat-Earthing, defined as believing things [like a round Earth] don't exist just because you don't have conclusive evidence that they exist.)

The good news is Big 12 football coach-to-player communications are now encrypted -- the football teams had to ship all their helmets to the helmet speaker vendor to get them fixed, which could be a blog post of its own if I never to a Problems With Non-Scalable Solutions series -- but we still have no idea if any malicious sniffing ever did occur.

*** 

Ben Miller has worked in Wi-Fi for wayyyyyyy too many years. (Over two decades now!) You can contact Ben via email or follow him on Twitter, using the contact information below. 

If you like Ben's blog, you can support it by subscribing and by shopping through his Amazon link.  

Thank you. 

Twitter: @benmiller 

ben at sniffwifi dot com

Comments

Popular posts from this blog

Chips, Glorious Wi-Fi 6E Chips!

Five Facts About 6 GHz Wi-Fi

Go To Sleep, Go To Sleep, Go To Sleep Little iPhone