• It’s 2024, yet college football’s Power Four teams were using unencrypted GSC helmet communications

    31 Oct 2024

    Just when you think most people understand the basics of security, along comes a story like the following:

    Sources: College helmet communications on unencrypted frequencies

    Really!? All those efforts that coaches go to covering their mouths with their play cards…then this.

    According to the ESPN piece, execs for the SEC, Big 12, Big Ten and ACC have worked with GSC, the manufacturer of these coach to player communication systems, to investigate potential concerns and move to a “more encrypted” and secure platform.

    More encrypted? Hmm…I’m not sure what that means. And, why wouldn’t it be secure from the get-go knowing what’s at stake? Millions and millions (billions?) are being invested into college football. These kind of oversights seems too bad to be true.

    I’m no RF expert but I do know that if you’re communicating over an unsecured channel, then anything is fair game to anyone. In this case, opposing teams, fans, Chinese “cyber” spies at the games 😉 – whomever is within range of the signals.

    The story goes on to say, “We are not aware of any instances of the system being compromised during games. GSC has developed an update to resolve the issue and we have made our schools aware of their ability to update their systems at a time of their choosing.”

    Well, again, I’m no jet fuel genius…as far as I know it cannot be proven that systems were or were not compromised in a situation such as this unless someone comes out and admits it or other evidence is shown. What must be done in these situations is for the end users to assume that ALL communications were compromised. Then, if necessary, take the proper steps to enable encryption and change up communications tactics moving forward. At least they have their cryptic play commands to serve as somewhat of a layer of security! 🙂

    Human-related security oversights plague businesses around the world. Is security becoming more of an HR problem than an IT problem? I’m shaking my head over this BUT not complaining because these things keep me busy so I’m very blessed in that regard.