Bad Security Stories, Volume I: The Big 12 Still Has No Idea If Their Football Coach-to-Player Communications Were Actually Compromised

Your humble author is starting a new Sniff Wi-Fi blog series today: Bad Security Stories

Yours truly may not be the second coming of Bruce Schneier -- though from what I've read of Schneier's I like his vibe -- but all these years of sniffing (and working in Wi-Fi in general) have led to me picking up a fundamental understanding of communications and data security. So let's blog about it!

A college football cheating scandal -- or at least, the potential for one -- was recently uncovered and resolved in a matter of three days. To steal a quote from a memorable-but-not-to-be-described-in-polite-company scene in the film Tommy Boy... hmm, that's a mystery.


A quick primer:

Throughout last year's college football season, there were several accusations of 'sign-stealing'. Sign-stealing involves comparing the hand signals, posters and other 'signs' used by football coaches to signal to their players what formation and/or orchestrated 'play' to run.

For the 2024 college football season, most conferences (groups of universities which compete against one other in football) adopted wireless coach-to-player communication.

Since coach-to-player communication is one-way communication, more advanced wireless technologies like Wi-Fi and 5G/cellular were not needed (read: too expensive). So the conferences settled on simple wireless communications over unlicensed frequencies; similar to an old-fashioned walkie-talkie.

You can probably see where this is going... Lots of one-way wireless communication is unencrypted, and it turns out that was exactly the case for almost all the big college football teams.

Now, if you know anything about sniffing -- and your humble author would like to think he knows a thing or two -- then you know that 3rd party wireless sniffing in undetectable. Be it a Wi-Fi network, cellular networks or (in this case) college football coach-to-player communications; a 3rd party can sniff without a trace as long as four conditions are satisfied:
  1. The eavesdropper must be within radio frequency range of the transmitter.
  2. The eavesdropper must have a device tuned to the same frequency(ies) as the transmitter.
  3. The eavesdropper's device must support the communication protocol -- what us Wi-Fi folks call 'modulation and coding scheme', or MCS -- of the transmitter
  4. The eavesdropper must know the receiver's encryption key(s), or... the wireless communications must be unencrypted.
Just going through the list... anyone in the stadium would be within range (especially if they snuck in a directional antenna), the frequencies being used were well-known, the same protocols were used by every team's headsets & helmet speakers, and -- based on ESPN's initial reporting of the breach -- the communications were unencrypted. 

4 for 4! We had a definite, documented case of coach-to-player communications being vulnerable to wireless eavesdropping; apparently to anyone in possession of an over-the-counter police scanner! And... if said eavesdropping did happen, it could not possibly be proven or disproven because (again) 3rd party wireless sniffing is undetectable.

That is bad. But honestly, it would not qualify as a Sniff Wi-Fi 'Bad Security Story' on the aforementioned facts alone. Mistakes happen. Unencrypted wireless happens. We don't want to highlight missteps unless there is a significant level of malice or negligence or deception involved... which, in this case, there is.

Just three days after the initial report of Texas Tech -- a relatively strong football team in the Big 12 conference -- asking for an investigation into whether two rival teams might have used non-public knowledge of unencrypted wireless coach-to-player communications to gain an advantage, the Big 12 conference came out with a statement: "At no point was any Big 12 competition compromised."

WHAT??!?!?

How on Earth would the Big 12 conference know that no malicious sniffing occurred? There were tens of thousands of people in the building. Coaching staffs for two Big 12 schools which were privately made aware of unencrypted coach-to-player communications in late Septempber -- Baylor and Texas Christian (TCU) -- were allowed in stadiums without their possessions and person searched for scanners. There are literally countless scenarios where a bad actor could have 'compromised' a Big 12 football game without anyone having any clue it was happening because -- say it with me -- 3rd party wireless sniffing is undetectable

That, my friends, is a Bad Security Story. It is one thing to have a known vulnerability. I don't think it's a reach to say literally everyone reading this blog has, at one point or another, communicated across a platform that was eventually found to have some sort of security limitation and/or flaw. 

But to pretend there was no hack just because no evidence of a hack exists?? That's Flat-Earthing my friends. (Flat-Earthing, defined as believing things [like a round Earth] don't exist just because you don't have conclusive evidence that they exist.)

The good news is Big 12 football coach-to-player communications are now encrypted -- the football teams had to ship all their helmets to the helmet speaker vendor to get them fixed, which could be a blog post of its own if I never to a Problems With Non-Scalable Solutions series -- but we still have no idea if any malicious sniffing ever did occur.

*** 

Ben Miller has worked in Wi-Fi for wayyyyyyy too many years. (Over two decades now!) You can contact Ben via email or follow him on Twitter, using the contact information below. 

If you like Ben's blog, you can support it by subscribing and by shopping through his Amazon link.  

Thank you. 

Twitter: @benmiller 

ben at sniffwifi dot com

Comments

  1. Uyeliksiz sohbetFebruary 22, 2025 at 11:37 PM

    Ücretsiz Rastgele Görüntülü Sohbet Kameralı Sohbet Yetiskin Sohbet Gabile Sohbet Canlı Sohbet Cinsel Sohbet Uygulaması.https://livechattt.blogspot.com/

    ReplyDelete
  2. Hessa JosephMarch 15, 2025 at 12:41 AM

    The article highlights concerns about the Big 12's lack of clarity on compromised football coach-to-player communications. For students facing similar uncertainties, consider hiring an expert Pay Someone To Write My Law Assignment.

    ReplyDelete
  3. saraApril 15, 2025 at 4:58 AM

    I’ve read several of your articles and truly admire your style—keep up the fantastic work! Rick Grimes Suede Jacket

    ReplyDelete
  4. SipcalaulatorSeptember 13, 2025 at 12:20 AM

    The best sip is the one that matches your goals and keeps you disciplined.

    ReplyDelete
  5. AnonymousOctober 19, 2025 at 1:51 AM

    This comment has been removed by the author.

    ReplyDelete
  6. NeyihNovember 4, 2025 at 2:23 AM

    Hadolint is a valuable tool for keeping Dockerfiles clean and efficient. It helps developers quickly identify issues and improve container builds, making the entire workflow more reliable and easier to manage across different projects.

    ReplyDelete
  7. NeyihNovember 4, 2025 at 2:33 AM

    I truly appreciate PhpSpreadsheet for its robust functionality and ease of use, allowing developers to generate complex reports, apply styling, formulas, and charts without relying on external spreadsheet software.

    ReplyDelete
  8. MalikNovember 8, 2025 at 1:16 AM

    HDHub4u is my go-to site for movies! The content is engaging, informative, and easy to follow. I appreciate the clear summaries, detailed reviews, and legal streaming guidance. It makes choosing what to watch next effortless and enjoyable.

    ReplyDelete
  9. MishaNovember 8, 2025 at 10:29 PM

    I really admire rojgar with ankit for providing timely job notifications with proper details. The website is easy to use, which makes it perfect for all age groups. It’s definitely a platform that cares about its readers’ success and progress.

    ReplyDelete
  10. Mint Auto TraderDecember 3, 2025 at 10:47 AM

    This new Sniff Wi-Fi series sounds really intriguing! It’s always fascinating to read about real-world security stories and how even small vulnerabilities can have big consequences. Your insight into Wi-Fi and data security makes these lessons easy to follow and engaging.

    It’s kind of like how people researching Right Hand Drive Cars USA dig into the details before making a decision—attention to detail and understanding the finer points really makes all the difference. Can’t wait for the next post in the series!

    ReplyDelete
  11. Bad credit Loans GuaranteedDecember 10, 2025 at 8:00 AM

    Yes! 😄 Those little moments of joy are the heart of learning—they make everything click and stick. Fast Towing Service Manhattan

    ReplyDelete
  12. SAQIDecember 15, 2025 at 4:23 AM

    For Bihar teachers, E Shikshakosh is a game changer. The user-friendly interface of E Shikshakosh helps educators navigate online services smoothly, saving time and effort while maintaining secure access to essential education resources.

    ReplyDelete
  13. DavidDecember 30, 2025 at 10:41 PM

    ProPresenter has completely elevated the quality of my presentations. The ease with which I can manage slides, videos, and audio files in real-time is amazing. It’s incredibly reliable during live events, and the customer support team is always quick to assist with any questions. Highly recommend it!

    ReplyDelete
  14. yalla shootJanuary 29, 2026 at 1:25 AM

    هذا تحليل ممتاز لكيفية تجاهل الثغرات الأمنية اللاسلكية في العالم الحقيقي لمجرد صعوبة إثباتها. وتُعدّ نقطة التجسس غير القابل للكشف من قِبل جهات خارجية بالغة الأهمية، فغياب الدليل لا يعني بالضرورة عدم وجود الثغرات، خاصةً في مجال أمن الترددات اللاسلكية. تُبرز منشورات كهذه أهمية فهم أساسيات أمن الاتصالات، ليس فقط في أوساط تقنية المعلومات. يميل الناس إلى تقدير المنصات الشفافة والمباشرة في طريقة عملها، سواءً لتحليل الأمان أو لتلبية احتياجات الوصول الفوري الأخرى، ولهذا السبب ينجذب الكثيرون إلى الخيارات البسيطة والمباشرة مثل منصة (yalla shoot expert platform) بدلاً من الأنظمة المعقدة.

    ReplyDelete
  15. my flixerJanuary 30, 2026 at 10:42 PM

    This post highlights a fundamental misunderstanding of wireless security—lack of evidence doesn’t equal lack of compromise. Passive RF sniffing is undetectable by design, especially when communications are unencrypted in a public environment. It’s a reminder that proper security should be built in from day one, not assumed after the fact, whether in sports tech or digital platforms people use daily like Love stories.

    ReplyDelete
  16. Goodyear ConcreteFebruary 2, 2026 at 1:52 AM

    Thanks for breaking this down in a clear and fun way. We enjoyed learning from your security story and how it connects to real events. Even though our work is very different, like stamped concrete Goodyear, we value smart insights like this. Our team appreciates the knowledge you share.

    ReplyDelete
  17. Lawrenceville ConcreteFebruary 2, 2026 at 3:08 AM

    We really enjoyed reading this and learning about online safety in a simple way. Our team likes how you explain hard topics so clearly. Even though we work in stamped concrete Lawrenceville, we respect and support great work like this. Keep it up!

    ReplyDelete
  18. Cedar City ConcreteFebruary 3, 2026 at 12:45 AM

    We really enjoyed reading this and learning from your clear story. Our team likes how you explain security in a simple way. Even though we work in other areas like stamped concrete Cedar City, we still value smart ideas and lessons like these.

    ReplyDelete
  19. ​Athens Concrete ContractorFebruary 3, 2026 at 1:36 AM

    We found this story very interesting and easy to follow. Our team likes how you explain security in a simple way. Even though our work is stamped concrete Athens, we enjoy learning from other fields and appreciate you sharing real examples.

    ReplyDelete
  20. Surprise Concrete ContractorFebruary 3, 2026 at 6:21 PM

    Thanks for sharing this story. We like how you explain a hard topic in an easy way. Our team learned a lot from it. Even though we work in other areas, like concrete driveway Surprise projects, we enjoy reading clear and smart security posts like this.

    ReplyDelete
  21. Gainesville FencingFebruary 3, 2026 at 7:04 PM

    This was an easy and interesting read. We liked how you explained a hard topic in a simple way. Our team also works with trust and safety in our own field, like a Gainesville fence contractor, so we value learning from stories like this.

    ReplyDelete
  22. AnonymousFebruary 5, 2026 at 1:42 AM

    This article explains a complex topic in a clear and easy way. We appreciate how it breaks down security issues so readers can understand them better. Even though our work is different, like stamped concrete Wendell projects, we value learning from well-explained stories like this.

    ReplyDelete
  23. Stamped Concrete Rocky MountFebruary 5, 2026 at 2:44 AM

    This article breaks down a tricky topic in a way that’s easy to follow. We like how it explains why communication security matters. Even though our work is different, like stamped concrete Rocky Mount projects, our team enjoys learning from clear stories that help people understand real issues.

    ReplyDelete
  24. BK66February 6, 2026 at 2:22 AM

    Great article! The details provided here are really helpful and easy to understand for everyone. read more

    ReplyDelete
  25. Self Storage Parowan UTFebruary 6, 2026 at 2:24 AM

    This article explains a complex topic in a clear and easy way. We like how it helps readers understand why security really matters. Even though our work is different, like self storage Parowan UT services, our team enjoys learning from stories that break down real issues simply.

    ReplyDelete

Post a Comment

Popular posts from this blog

Chips, Glorious Wi-Fi 6E Chips!

Qualcomm, owners of the Atheros line of Wi-Fi radios, recently announced the availability of Wi-Fi 6E chips. Game onnnnnnn! 6 GHz Wi-Fi is here. Sort of... Qualcomm is selling Wi-Fi 6E (802.11ax w/ 6 GHz support) chips, but we don't yet know when enterprise-grade APs and mobile devices will begin supporting 6 GHz Wi-Fi. Chip-to-product timelines can vary. Wi-Fi 5 (802.11ac) saw enterprise WLAN vendors sell products only a few months after chip announcements. Wi-Fi 6 (802.11ax) saw the big vendors wait a year or more before introducing new AP models. A ton of concerns factor into a vendor's decision on when to develop, manufacture and market new AP technology. Vendors with small market share may be extra eager. Aerohive tried to boost their enterprise Wi-Fi profile by being a leader in Wi-Fi 6. On the other hand, some vendors' enthusiasm for new Wi-Fi hardware may be dulled by competing organizational initiatives. Aruba/HPE, for example, was veering f...
Read more

The Risk and Reward of Wi-Fi 6 Upgrades

With 6 GHz Wi-Fi around the corner in the form of Wi-Fi 6E, upgrading to Wi-Fi 6 becomes a risky proposition. It was just over a year ago that your humble blogger heard the "news" about Wi-Fi 6 (802.11ax). The Samsung Galaxy 10 was on the market. It supports Wi-Fi 6. Our sales engineers were happy to inform us of the upgrade possibilities. Today's news is about a new technology, Wi-Fi 6E. It offers access to the 6 GHz frequency band, which is great. It is not available as a software upgrade from Wi-Fi 6 (as your humble blogger discovered recently ), which is not so great. "Future proofing" has always been elusive. As we are all experiencing right now, nothing can protect an organization from the whims of nature (human or otherwise). I wasn't saying "wait for 802.11n" in 2005 or "wait for 802.11ac" in 2011. If budget, manpower and leadership align, go for it. The reason your humble blogger says "wait for Wi-Fi 6E" today...
Read more

At Least They Didn't Blame the Wi-Fi

Prime Video's stream of the 49ers-Cardinals NFL game received plenty of bad reviews on social media. While most of the negativity focused on stream quality, Wi-Fi largely escaped blame. There is one application type that confounds networks above all others, and it is live video. Pick your poison: voice, location tracking, on-demand video, cloud-hosted apps... None of them cause problems as consistently or predictably as the livestream. The issue is a simple one: broadcast vs. two-way. Packetized data networks are a two-way communication medium. Receiver must acknowledge sender. Live video has, since its inception decades ago, been a broadcast technology. Your television doesn't send anything to the local broadcast tower. Same with cable boxes. Same with satellite dishes. Pushing against this immutable scientific fact is commerce. Sports leagues see the billions of dollars being spent by streaming services, and they want some. Streaming services see the millions of eyeballs tun...
Read more