Having worked my butt off to win a handful of “Group D” events, and still never been bumped up to “C” by for the folks at Zwift Power, I’m certainly not that personally concerned about cheating in Zwift racing or esports in general. I’ve always just left that worry to the folks at the pointy end of the stick at the top of the A Group. If folks are willing to cheat just to win a D Group race, well, so be it. It’s not like there aren’t any number of folks out there that could do it without cheating. It’s just easier to assume everybody is on the up-and-up, enjoy the race, get a great workout, and go on about your life. It’s just not worth worrying about.
However, as esports become more mainstream and tangible things (ie: money) are on the line, cheating will obviously need to be addressed. So it’s not surprising that, in this case, the issue first comes onto the radar at a well-known “hacker” conference as opposed to the World Anti Doping Agency’s yearly conference.
It’s also not surprising that one of the first articles to put all this into perspective is from DC Rainmaker. This time he details a recent presentation at Def Con (a well-known “hacker” conference) about “hacking” Zwift. This relatively simple piece of off-the-shelf hardware and some custom software demonstrates just how susceptible the current generation of cycle trainers and application are to what is best described as a “man in middle” attack.
In this case, the hardware sits between the hardware’s ANT+ transmitter and the application’s (ie: Zwift’s) ANT+ receiver and transparently modifies the the important metrics (power, heart rate, and cadence) by some factor. Much in the same way as an elite athlete may only need a 1 or 2 percent of improvement from performance enhancing drugs, those cyclists already at the top of their class may only need 1 or 2 percent increase in wattage, especially at the opportune moment) to move to the top of the podium. Modifying heart rate and cadence by reasonable amounts, in real time, keeps everything looking legit. In fact, this mode was designated “EPO Mode” for obvious reasons.
Jump on over to DC Rainmaker for more details on the hack, it’s implications, and what to expect going forward.