College helmet comms not secure, sources say
Written by I Dig SportsCoach-to-player in-game communications during Power 4 college football games this season have been occurring on unencrypted frequencies, sources told ESPN on Wednesday, a revelation that raises questions about whether they could have been compromised.
Texas Tech athletic director Kirby Hocutt said he raised the issue during a call with Big 12 athletic directors Tuesday, after learning the Red Raiders' helmet communications were unencrypted and accessible to anyone with a scanner and knowledge of how to locate the frequencies.
The Big 12 has instructed its 10 schools playing games this weekend to send their helmet communication devices back to GSC, the provider for all 68 Power 4 teams this year, for a software update that would provide encryption, sources confirmed to ESPN.
The modules and cutoff switches are expected to be updated and returned in time for Saturday's games.
The Athletic first reported the Big 12's equipment request.
"We've got to have a game whose integrity is not questionable in any way on a Saturday afternoon. We owe it to the 120 young men on our football team to ensure that happens, that it's a game of fair competition and the same set of rules are enforced." Texas Tech AD Kirby Hocutt to ESPN
Texas Tech has requested a report from the Big 12 on its recent games against TCU and Baylor to ensure the integrity of the games were not compromised, and the conference is accommodating that request.
"We've got to have a game whose integrity is not questionable in any way on a Saturday afternoon," Hocutt told ESPN. "We owe it to the 120 young men on our football team to ensure that happens, that it's a game of fair competition and the same set of rules are enforced."
No schools have made specific allegations that an opponent may have accessed their in-game frequencies, and several Big 12 and Power 4 coaches and staffers have questioned whether a competitive advantage could be gained if that did occur.
This is the first college football season that the in-game use of coach-to-player helmet communications and tablets have been permitted at the FBS level. The NCAA approved the rules change in April, six months after launching an investigation into Michigan's alleged signal-stealing scheme under former staffer Connor Stalions.
A frequency coordinator made the discovery in late September while setting up for the Texas A&M-Arkansas game at AT&T Stadium in Arlington, Texas. The coordinator notified the SEC of his findings, as well as Baylor and TCU, which forwarded the information to the conference.
Football operations executives for the SEC, Big 12, Big Ten and ACC have worked together with GSC in the four weeks since to investigate potential concerns and move to a more encrypted and secure platform.
"We have been aware of the issue and have stayed in communication with GSC and our colleague conferences as well as our schools," the SEC said Wednesday in a statement. "We are not aware of any instances of the system being compromised during games. GSC has developed an update to resolve the issue and we have made our schools aware of their ability to update their systems at a time of their choosing."
The revelation that college football teams have not been using encrypted frequencies has frustrated several Big 12 athletic directors, who believed the Power 4 schools had the same encrypted setup used in the NFL, sources said.
GSC could not be reached for comment.
In the Big 12, the concerns about potential vulnerabilities had not been addressed at AD and head coach level until Tuesday.
Following the Tuesday call, the Big 12 sent a memo, obtained by ESPN, to ADs and coaches acknowledging that someone with intimate knowledge of frequency scanners and the GSC system could hear communications.
"GSC and the frequency experts consulted shared that the risk of someone's ability to access this communication was very low," Big 12 chief football and competition officer Scott Draper wrote in the memo. "The four conferences met weekly to discuss the next steps and each chose the same path forward, to inform the head equipment managers of what we knew. As an interim step, we changed frequencies while the software update from GSC was complete. In hindsight, the conference should've shared this information with you."
The Big 12 notified equipment managers at its 16 member schools about switching to backup frequencies in early October, but some staffers may not have forwarded the information to their football staffs. Multiple ADs on the Big 12 call told ESPN they were unaware of the issue until Hocutt addressed it Tuesday.
Texas Tech (5-3, 3-2) lost 59-35 to Baylor on Oct. 19 and 35-34 to TCU last Saturday. The Red Raiders opted to move forward with a different coach-to-player system with encrypted communication provided by CoachComm for its game against No. 11 Iowa State on Saturday, sources said, rather than wait for the software update or the results of the Big 12 inquiry.
"Our football coaching staff and I were made aware yesterday of the player-to-coach helmet communication issues around the country," TCU athletic director Jeremiah Donati said in a statement. "As with any other inquiry, we look forward to assisting the Big 12 Conference in its review process."
Baylor athletic director Mack Rhoades said "we stand behind the integrity of our in-game operations and overall program and are happy to cooperate as needed with conference officials."
In the SEC, the league has communicated with all its programs about the security update available through GSC. The league office is attentive to the issue, sources said, but there's not a high level of concern over communications being compromised.
The Big Ten has been aware of the conversation around the helmet communication and has not had any issues. Programs are updating their technology much like others around the sport.
In the ACC, the league has been tracking the issue for nearly a month. At no point have any ACC teams expressed concern to the league office. They all had the ability to send in the equipment to GSC for the update, which some have already taken advantage of. ACC officials do not have a significant level of concern, in part because no programs have expressed concerns, and all have continued to use the system throughout October.
Officials from the Power 4 conferences were assured by experts that the risk of vulnerabilities to coach-to-player communications was low. But a source at one Big 12 school told ESPN that his staff purchased a scanner earlier this month upon learning of the potential vulnerability and was successful in locating their own coach-to-player communication frequency during a practice.
Still, there are mixed opinions among other Big 12 staffers on whether teams can gain a competitive advantage during a game from their opponent's coach-to-player communications.
The frequency does not broadcast all headset communications between coaches, which would be invaluable, but merely what one coach says to one player on the field -- typically a quarterback on offense and a linebacker on defense -- and only when the coach is holding the button to speak to them before communication is cut off 15 seconds before the snap.
An opponent tuned into that frequency would also need to know how to decode their playcalls and effectively communicate adjustments to their own team before the snap, a much more challenging task than sideline signal stealing.
"There's no real advantage," one Big 12 chief of staff argued. "One, you're speaking a different language. Two, if you think you'd be able to enact in real time what they say and try to do it on the field, you're delusional. You're just being your stereotypical paranoid football coach. You can't relay it to the kids fast enough."
ESPN's Pete Thamel contributed to this report.