The CoachComm headset used by the vast majority of FBS coaches has a severe vulnerability
Wireless headsets have become the norm in college football. CoachComm LLC claims to have 97% of the market share of FBS programs. The best known competitor is Westcom Wireless. Westcom recently had a case dismissed where the plaintiff, CoachComm, claimed that Westcom was advertising false information and patent claims.
The case itself is relatively mundane, but upon researching the differences between the two company's flagship models, we discover a potentially serious issue.
CoachComm's X-System model is advertised as the FBS/FCS model used by 97 % of programs across the county. Jason Smith, Director of Equipment Operations at the University of Maryland, is the most prominent testimonial on the page, stating "Technical support has been phenomenal...great system!" CoachComm lists the premiere features as "Powerful Management of Game Communications, Enhanced Sound and Clarity, X-System Sideline Cart, Rugged Design and Advanced Features, etc."
Westcom's flagship model, the Atlas Flex System, claims to be "Always ahead of the game" with "900 MHz Clear Call Chipset (Patented feature), 256 Bit Point to Point High End Security, 32 Coaches, 6 channels, etc." The Clemson Tigers are featured on the Westcom homepage, and the Atlas page claims that the system is used by the XFL.
As a side note - the NFL appears to use a standardized Bose system with technology incorporated in aviation and the military. Here is Jim Harbaugh rocking a Bose.
The glaring difference between CoachComm and Westcom is the lack of security mentioned in the CoachComm system specs. Searching the X-system's manual and game day guides (direct link PDF warnings) returns nothing regarding wireless security, encryption, nor passwords. It does mention that the headset uses 900 MHz and 2.4 GHz frequencies.
Police, fire, and EMS operate on the 800 MHz spectrum, and those frequencies are commonly listened to via scanner hardware and applications. I reached out to a fellow first responder, who is also an emergency dispatcher and Marine Corps veteran, to determine the risk to the 900 MHz frequency. He states that without encryption, the 900 Mhz range is just as open to scanner devices as the 800 Mhz range.
The 2.4 GHz range could be accessed via something like HackRF, "open source hardware for software-defined radio." Again, this spectrum appears vulnerable without encryption.
We have been told that most schools use CoachComm. There are a lot of pictures of school helmets on the CoachComm page but not much clarity to who is actively using their equipment. There is an oddity in the photograph, where it appears an Ohio State helmet has had a Rutgers "R" layered over it. Westcom has a picture of Clemson, but their main testimonial is from McMurry University. Instead, let us look at photographic evidence, new and old.
First, here is an archive.org capture of CoachComm's website in 2017 with Michigan at the forefront. Looking at Michigan's past and present photos we see some older technology in 2016. In 2017 we see Don Brown rocking the CoachComm system. Jim Harbaugh has a similar receiver in 2022, however it looks like it may have some potential modifications. In 2023 we see Mike Hart with a similar receiver to Don Brown, with a few extra dials.
Let's check out Maryland and verify the testimonial: Mike Locksley, you are a handsome Brand Ambassador and a heck of a football coach. Unfortunately, Maryland's gameday communications may be vulnerable.
/cdn.vox-cdn.com/uploads/chorus_asset/file/13625822/495609206.jpg.jpg){kind=link}
So let's turn to Ohio State. In 2017, Urban Meyer has a receiver with a giant ATT logo. Could just be a sponsorship placement, or maybe a cellular frequency is being used. Whatever it is, that model does not appear to be from CoachComm nor Westcom. Ryan Day currently has a very sleek and modern looking receiver. Hot dang, that is as slick as your beard, Ryan.
Let's check out some recent sideline footage from Urban Meyer. It appears he is intently listening to his cell phone while the Ohio State Buckeyes are trailing Maryland 10-7 in the 2nd quarter. I have seen that intent gaze inside a football stadium before. During the 1990s (and probably earlier), it was common in my seating section to have a guy with a handheld radio listening to the gameday radio broadcasts to help understand everything happening on the field. Gleaning facts from Urban Meyer's past, there is no person nor event that would be more important than an Ohio State football game. He is probably listening to something football related. Could be work related. Could be Urban Meyer doing Urban Meyer things.
Going back to Michigan, it is very likely that between 2016 and 2023 Michigan did change its wireless communication technology a bit. It is not for certain if Michigan still uses CoachComm or a system similar to CoachComm. But there looks to have been some upgrades.
It is possible that Michigan had learned about these communication vulnerabilities from somebody with military experience. After all, the NFL uses a standardized system with military level technology.
There is a common tactic amongst cheats - smoke and mirrors. If you are engaged in a high-level espionage technique, then you may want to have people focus on other, more common, cheating techniques. Things like stealing signs.
It is awfully strange that Connor Stalions operation was so blatantly out in the open. Of course somebody was going to "catch" him. I am not sure if Stalions designed it purposely because he thought it wasn't against the rules, or if he thought he wouldn't get caught, or if he was simply trying to smoke out a few cheaters.
Either way, there definitely appears to be a major difference between Ohio State's communication equipment and other schools. Nick Saban - CoachComm. Dabo Swinney - CoachComm. (Side note - Ryan Day compared Dabo Swinney's sign stealing operation to the KGB)
I can safely say there is a severe vulnerability in college football's gameday communication methods. What schools have taken the ample precautions is not clear. I hope they all take security very seriously. It is possible CoachComm can be encrypted, but without that information in the manual, there is a non-zero chance there are some schools with unencrypted communications.
Even if there was encryption of sideline communications, it is still possible that a bad actor could steal the encryption password and pass that information along to an opponent. Of course, anybody engaging in the act of sharing passwords without authority to do so would be violating the Computer Fraud and Abuse Act.
Those crimes are investigated by the actual FBI. Not the former FBI.
Go Blue.
October 31st, 2023 at 4:31 AM ^
It sounds like you are saying that it's possible Ohio State is using technology to steal opponents' wireless communications, and is protecting themselves from the same by using heavily encrypted systems for their own headsets. Well, I don't need much convincing, but I believe you.
October 31st, 2023 at 9:06 AM ^
I posted this to reddit r/CFB because I really want better feedback from unbiased people. Namely smaller schools that could lack the resources to secure their communications.
October 31st, 2023 at 7:48 PM ^
THIS JUST IN:
Title: Ohio State Football Scandal: Wireless Headset Espionage Rocks the Gridiron
Introduction
In the high-stakes world of college football, where fierce competition and rivalries run deep, the game has always been about more than just touchdowns and field goals. It's about strategy, preparation, and the relentless pursuit of victory. However, in a shocking turn of events, the Ohio State Buckeyes football program has found itself embroiled in a scandal that threatens to tarnish its storied reputation. Allegations of wireless headset espionage have rocked the college football world, with the Buckeyes accused of stealing opponents' communications during games while using heavily encrypted systems to protect their own.
The Accusations
The scandal came to light after several opposing teams reported suspicious interference with their wireless headset communications during games against Ohio State. Coaches and staff from rival programs alleged that they were experiencing unusual disruptions and interference that hindered their ability to communicate plays, make adjustments, and call plays effectively. This raised serious concerns about the integrity of the game and whether Ohio State was gaining an unfair advantage.
Ohio State's Response
Ohio State football officials have vehemently denied any wrongdoing and have stated that they are committed to upholding the highest standards of ethics in the sport. They contend that their heavily encrypted communication systems are purely for security reasons and to prevent any potential hacking or interference by opposing teams. The Buckeyes have claimed that they are victims of false accusations and that they have always adhered to the rules and regulations of college football.
The Investigation
The NCAA, in response to the allegations, launched a thorough investigation into the matter. The NCAA Enforcement Division has been working diligently to uncover the truth behind the accusations and determine whether Ohio State has engaged in any unethical practices. This investigation is ongoing, and its findings will have far-reaching consequences for Ohio State and the college football landscape as a whole.
The Impact
The allegations surrounding Ohio State have sent shockwaves throughout the college football world. Fans, players, and coaches from rival programs are anxiously awaiting the results of the NCAA's investigation, as it could lead to severe penalties if wrongdoing is proven. The potential fallout could include sanctions, fines, and a loss of reputation for Ohio State, as well as a significant impact on the program's recruiting efforts and future prospects.
Conclusion
As the investigation into the Ohio State football scandal unfolds, the college football community finds itself at a crossroads. The sport's integrity and fair play are at stake, and the outcome of this scandal will undoubtedly shape the future of college football. Regardless of the verdict, one thing is clear: the Buckeyes' once-sterling reputation has been tarnished, and their actions, or lack thereof, in response to these serious allegations will define their legacy for years to come. College football fans everywhere will be watching closely as the truth is revealed and justice is served in this high-stakes drama on the gridiron.
October 31st, 2023 at 10:10 PM ^
Now that reads like journalism. Nice.
October 31st, 2023 at 5:16 AM ^
I've been harping on this for two weeks, and will again: With 30-second intervals, max, between plays, adjusting in real time to the wealth of information it's being asserted is being stolen, along with the adjustments a QB makes when he looks over the personnel, the 3-4-5 things he may do once the ball is hiked. . . the degree to which the stolen info is 'actionable,' as they say, would seem very, very small.
I'd much rather have a really smart D coordinator who thinks, "Third and 3; their tendency is this, this, and this; indeed, they have lined up like this--and now shouts to 2, 3, also smart people who have studied the opposition, to be ready for. . .
An adjunct to this HAS to be that if Conor is noticing things like which lineman the halfback tends to follow on certain plays. . . we're back in totally legal territory, the territory of--ta da!--scouting.
EDIT: The larger point one might take from the OP is that there is really NO WAY that OSU hasn't worked to keep up with the tech and techniques, just like everyone else. It should not be hard to pin some of the same behavior on their asses. When we destroy them on Nov 25, I see a gathering storm for Ryan Day.
October 31st, 2023 at 11:05 AM ^
this is the most critical point in the discussion. what advantage is gained, if any? Two teams line up. As they're doing so, the defense is reacting to what formation the offense is lined up in, and the offense is reading the defense. The play call is coming in from the sideline, players are getting in position, going in motion etc.. So if this is going to work, the offense is calling the play. the guy on the other sideline is interpreting which is the correct play call, then referring to his "sheet of stolen plays", then telling his coordinator who signals to the defense, who then is making adjustments before the ball is snapped?
How much advantage are we gaining here? Or is it, at best, that the Defense reads the offensive formation, relies on the scouting and film study to call the play, and at most you might get confirmation that your suspicions of "oh they always screen pass from this formation on third and short" is correct because we saw the "pass" signal?
It's silly to think this is swaying games or giving one team an unfair advantage, espcially when the other team has their perhaps-less-sophisticated-but-still-trying sign stealer doing the same thing on the other sideline. And change it up if you're so worried - wristbands, new signals, or heavens sake BREAK FUCKING TENDENCY RYAN DAY. OSU has a shit coach and we're going to break them, again.
October 31st, 2023 at 6:29 AM ^
"There is a common tactic amongst cheats - smoke and mirrors. If you are engaged in a high-level espionage technique, then you may want to have people focus on other, more common, cheating techniques. Things like stealing signs."
Believable. Very believable. Thinking of OSU, of course. It's easy to get the feeling that Michigan is armed with only knives in a gunfight. That extends to public relations, too.
October 31st, 2023 at 8:35 AM ^
My respect for Headsetless Hoke just went up…
October 31st, 2023 at 10:18 AM ^
Michigan should hire a sound signal systems engineer and detect all attempts to access their signals. An associate of mine did this for the Cincinnati Bengals as they had caught several NFL teams trying to access their calls via the radio signals.
October 31st, 2023 at 10:45 AM ^
That is amazing. Can you possibly provide a source? One that isn't anonymous would be great.
October 31st, 2023 at 10:51 AM ^
What the crap is this, and why are you wasting everyone's time?
He states that without encryption, the 900 Mhz range is just as open to scanner devices as the 800 Mhz range.
The 2.4 GHz range could be accessed via something like HackRF, "open source hardware for software-defined radio." Again, this spectrum appears vulnerable without encryption.
Literally every single broadcast frequency is open to scanning. It's what scanners do. There's no such thing as a "closed" frequency, whatever that's supposed to mean. If you're using a communication frequency at all, you can't stop someone from making an antenna to pick up your signals. It's why encryption exists in the first place. The military will shuffle frequencies as a deterrent, but they still use encryption.
I didn't know CoachComm existed until this stupid "sign stealing" nonsense started, so I don't really know or care if they use encryption. They're incredibly stupid if they don't.
November 1st, 2023 at 7:20 AM ^
And to build on this, nobody needs an ex-military guy to tell them which frequency can be scanned or that they should secure their broadcast systems. JFC - any systems administrator will tell you the same thing, and provide the details necessary to defend against it.
This stuff isn't rocket science, we do it every day...
October 31st, 2023 at 12:23 PM ^
Forgive me if I missed something, but it seems you're saying you don't really know whether the signals use encryption, so there's a vulnerability? My guess is that you can encrypt the transmissions, and that there is security built in, but the companies don't want to publicize their security measures to give more information to would-be hackers. Also, it seems likely that the teams themselves could encrypt the transmissions if the headsets don't automatically, and it all could be behind a wifi firewall.
In other words, unless you have information of someone having actually hacked these, it seems to be creating one more area of worry when we already have enough of that.
October 31st, 2023 at 12:45 PM ^
but the companies don't want to publicize their security measures to give more information to would-be hackers
Security through obscurity, baby!
October 31st, 2023 at 7:08 PM ^
That is a whole lot of research and a very in depth look into sideline communication, and it might have saved you some effort if you had considered researching frequency hopping spread spectrum (FHSS) prior to delving into an in-depth discussion. It's worth noting that FHSS is utilized by the military and is also the technology used by CoachComm. Needless to say you aren't using a scanner to eavesdrop like the ones used to listen in on emergency services.
October 31st, 2023 at 10:15 PM ^
You are using absolutes with a giant lack of evidence to support such a bold claim. Care to endulge me how the hopping system actually encrypts anything? My first responder equipment can activate when any unencrypted channel is accessed on the 800 MHz frequency.
November 1st, 2023 at 7:24 AM ^
If you don't understand how frequency hopping or encryption works as a general idea, the technical explanation won't help you. They are two different things...
November 1st, 2023 at 7:53 AM ^
Interesting. Thanks for the insight.
October 31st, 2023 at 11:01 PM ^
It took me 2 minutes to look up their website, click on the brochure for their cheapest system, and confirm that they use encryption.
2 more minutes, and I found the features page for the X-System you're focused on, and confirmed it also uses encryption.
November 2nd, 2023 at 1:59 AM ^
Called the FBI office in Detroit. They aren't investigating the Michigan football team. Very pleasant lady on the phone.
Go Blue.
Comments