My take is that you can't have a serious e-sport cycling scene with the current tech. This guy was caught because he was greedy and the cheat was too obvious. What about all the others that could be doing the same but in a smarter way. There is no way as an honest cyclist to know you were beaten fairly. (Maybe you can be sure you were not).
The protocols (ANT+ in particular) are totally insecure and it's totally possible to MITM them. The obvious solution would be to upgrade those and start sending data over an encrypted channel instead. Still, this is only going to help momentarily and discourage the hobbyist cheaters. People are starting on PC games using very sophisticated setup with dedicated PCI hardware connected to a second computer where the cheat software actually run.
If the devices get secure, people will start cheating at the software level. If the stake are high enough (and there are for those people hoping to get into a World Championship), they will do anything to get an edge.
I think it's hopeless to hope to make those online race as anything serious. It can be a fun hobby and way to exercice but any serious competition will need to take place in person. For cycling, it probably means the old fashion way: on the road.
madrox 504 days ago [-]
This is a challenge across all esports and not just cycling. In other esports, competition may be online, but hardware is usually provided by the organizer and overseen in locations where refs can ensure nothing is being done to machines to cheat. Nowadays cheating scandals only tend to come up in competitions where people are playing from home.
lelag 504 days ago [-]
Yes but with cycling, the point of the e-sport is to not travel. If you have to travel with your bike to a physical location, there is no point in cycling on a static smart trainer, you might as well race on the road (which is much more fun anyway). It's no longer an e-sport.
madrox 504 days ago [-]
The idea would be you would travel without your bike and use one provided by the organizer. That's what other esports do. There's still advantages to the esport, such as not needing to close public roads, design tracks that don't exist or aren't easily accessed, and allow different racing strategy (I imagine they don't simulate pushing wind).
nradov 504 days ago [-]
Zwift doesn't stimulate wind. It does simulate drafting, so you can save energy by sitting on another player's wheel, then try to sprint past them at the finish line.
> People are starting on PC games using very sophisticated setup with dedicated PCI hardware connected to a second computer where the cheat software actually ru
Have you got a reference for this? I want to read more.
It's been used to cheat in professional CS:GO tournament from what I remember. They can have a second PC where the cheat run which read the memory of the game on the clean computer and can for example display the position of the other players on a second screen.
Even if you make the bikes 100% secure, nothing prevents a dedicated cheater from strapping a good old electric motor to the bike and do the on-camera ride on a separate, dummy bike that's only there for show (and to provide a reference speed to the electric motor - which then increases it by 20%).
nradov 504 days ago [-]
That wouldn't work because Zwift championship races require a separate power meter on the bike in addition to the smart trainer. If you just strap an electric motor to a separate bike then the power meter numbers would be all wrong, especially if it supports ANT+ cycling dynamics. You would need a reciprocating machine that actually pushes the pedals, like what power meter manufacturers use to test their own products. So it could be done, but would be difficult and expensive.
In the end though it's impossible to be 100% certain that the data stream coming in to the server is an accurate representation of a real human effort. The whole thing is kind of silly.
bennyelv 505 days ago [-]
I've been wondering how long it would be before something like this happened ever since e-sports cycling started. Longer than I thought it would is the answer!
I'm sure there's simpler ways as well: you could manipulate the spindown test that the turbotrainer does for calibration to make it think the flywheel is heavier than it really is, for example.
At the non-pro level cheating is absolutely rife. Mostly through people lying about their weight. In every open zwift race there are performances that would put a person in the top 0.1% of riders globally being put down by half the field!
nradov 504 days ago [-]
Would attaching some temporary adhesive weights to the trainer flywheel during the calibration test be an effective way to cheat?
My Tacx Neo 2T doesn't even have a calibration process, but maybe that could work on other models. Of course that won't affect the separate data stream sent from the power meter on the bike.
bennyelv 504 days ago [-]
I've made some assumptions, which on reflection could be incorrect.
My Tacx Flux does a spindown test where you spin it up to a high RPM, then stop pedalling and it measures how long it takes to stop. I guess it's actually trying to get an accurate measure of the resistance being applied.
A heavier flywheel will be harder to spin up, but will also take longer to spin down at the same resistance, so maybe that doesn't make a difference.
Pressing something against the flywheel would make the trainer think it's applying more resistance than it really is, so I'm pretty sure that would work.
danceparty 504 days ago [-]
These zwift races require two data inputs, one from a power meter (pedal or crank) and one from the trainer. So manipulating just the trainer flywheel would not be enough.
JCharante 504 days ago [-]
Some context for non-cyclists
You can buy and attach smart trainers to the rear of bicycles. They provide resistance to simulate riding outdoors and you can run “games” on your pc that connect to the smart trainers to update your position in the game based off how hard you pedal. This then enables the possibility for people to race online.
cbm-vic-20 504 days ago [-]
And it's a fun way to get/stay in shape, if the race is low-stakes and you don't care if there's an occasional cheater.
xracy 504 days ago [-]
It's wild to me, and possibly seems like the next development in cheating, that these technologies are functionally catching people who have a sudden increase in performance.
Everything's catching major differences in performance. I think the same is true of the chess.com evaluation of Niemann, and a lot of speed runs as well. It seems like the harder cheats to catch are gonna be the ones where they just give themselves a small advantage over the course of an entire run.
I'm wondering how big a difference we would've seen if the cheater in question here had performed a more consistent w/kg above his V02Max, (but not signifcantly outside the realm of his V02Max), for the entire race.
They say he had a sudden performance of 500+W and his V02Max was in the 400s, I feel like a more smooth/consistent race in the higher 400s rather than a burst at the end would've been a lot harder to catch.
Basically... just more plausible smoothing so that no individual piece of the race would come into question.
dylan604 504 days ago [-]
So let's say someone takes your suggestion to do so they become a better cheater. What the next move in the cat and mouse game to catch the cheat you just designed? To be a good cheater, you should be thinking in these kinds of terms. If you can think of a cheat, but not how to get caught, you'll not be a good cheater. If you can think of a cheat, then realize how it can be caught, then modify the cheat, think of how to beat that, lather/rinse/repeat, you'll probably be a really good cheat. At that point though, I think you could be a better use to society doing something else with that critical thinking. So unless there's a bunch of money involved, it probably won't be attracting the brightest.
mlyle 504 days ago [-]
It's not exactly rocket science to spend a few minutes thinking about how to make your cheating look just like an athlete who is marginally better than the rest of the field.
504 days ago [-]
nradov 504 days ago [-]
It's an ego thing. People love to win even when there's no prize money.
I'm a casual triathlete and it's an open secret that many of the top age group competitors are doping. In particular a lot of the older men are on TRT without having an approved therapeutic use exception. The race organizers do little or no testing because it's expensive and they don't want to piss off customers.
nradov 504 days ago [-]
I think you're mixing up cycling functional threshold power and VO2 Max. FTP is usually defined as maximum average power output that can be sustained over a solid hour. Usually only top male pros can get over 400 W, and 500 W might not even be physiologically possible (at least not without doping). Of course many strong riders can hit over 500 W for shorter efforts.
VO2 Max is the maximum amount of oxygen that someone can metabolize measured. The highest measured VO2 Max scores are about 96 ml/min/kg. No one can sustain a true VO2 Max effort for more than about 10 minutes, and there is only a loose correlation with FTP.
madrox 504 days ago [-]
We're already seeing this in FPS games. The way advanced aim assist cheats work are so subtle these days that even pros watching replays have a difficult time saying for sure if the person is cheating or just good.
I agree, the reason this guy got caught was because it was anomolous performance at the end. If he had managed his cheat differently it would've been nearly impossible to detect.
Raidion 504 days ago [-]
People are always like "well, what if he just wasn't so greedy".
The greed doesn't quit. You cheat to win smaller races, then you're in bigger races, and need to cheat more, and eventually it gets to the point where you need to lose OR you end up on a big stage where a lot of people have entire hobbies dedicated to finding and exposing cheaters. See https://www.marathoninvestigation.com/!
Like, the same thing that makes people cheat are the same people who can't stop cheating until they get too greedy and get caught. If they weren't greedy, they wouldn't cheat.
brookst 505 days ago [-]
I’m not sure “astounding” is the right word when the article notes the hack was demonstrated at a security conference in 2019 using an Xbox controller as an easy UI.
But I suppose the author does go on for a bit about how terrible they are at writing headlines.
jamincan 504 days ago [-]
I think astounding is referring to the brazenness of the cheat. If the racer had been just a bit more discrete in the use of it, they probably wouldn't have been caught.
tsumnia 504 days ago [-]
As I was reading, I realized this will make e-sports more interesting from an academic standpoint (I know, way to party poop). But with the growth of e-sports, we're even seeing universities create e-sports teams, we may see niche security research on this type of anomaly detection. There's neural network powered aimbots, hardware manipulation, probably more (considering a certain chess incident). Would techniques used for credit card fraud / network anomaly detection work in these environments?
The protocols (ANT+ in particular) are totally insecure and it's totally possible to MITM them. The obvious solution would be to upgrade those and start sending data over an encrypted channel instead. Still, this is only going to help momentarily and discourage the hobbyist cheaters. People are starting on PC games using very sophisticated setup with dedicated PCI hardware connected to a second computer where the cheat software actually run.
If the devices get secure, people will start cheating at the software level. If the stake are high enough (and there are for those people hoping to get into a World Championship), they will do anything to get an edge.
I think it's hopeless to hope to make those online race as anything serious. It can be a fun hobby and way to exercice but any serious competition will need to take place in person. For cycling, it probably means the old fashion way: on the road.
https://support.zwift.com/en_us/drafting-in-zwift-B1ZB6Nxr
Have you got a reference for this? I want to read more.
They use this type of hardware:
https://www.raptor-dma.com/raptordma-home/
It's been used to cheat in professional CS:GO tournament from what I remember. They can have a second PC where the cheat run which read the memory of the game on the clean computer and can for example display the position of the other players on a second screen.
In the end though it's impossible to be 100% certain that the data stream coming in to the server is an accurate representation of a real human effort. The whole thing is kind of silly.
I'm sure there's simpler ways as well: you could manipulate the spindown test that the turbotrainer does for calibration to make it think the flywheel is heavier than it really is, for example.
At the non-pro level cheating is absolutely rife. Mostly through people lying about their weight. In every open zwift race there are performances that would put a person in the top 0.1% of riders globally being put down by half the field!
My Tacx Flux does a spindown test where you spin it up to a high RPM, then stop pedalling and it measures how long it takes to stop. I guess it's actually trying to get an accurate measure of the resistance being applied.
A heavier flywheel will be harder to spin up, but will also take longer to spin down at the same resistance, so maybe that doesn't make a difference.
Pressing something against the flywheel would make the trainer think it's applying more resistance than it really is, so I'm pretty sure that would work.
You can buy and attach smart trainers to the rear of bicycles. They provide resistance to simulate riding outdoors and you can run “games” on your pc that connect to the smart trainers to update your position in the game based off how hard you pedal. This then enables the possibility for people to race online.
I'm wondering how big a difference we would've seen if the cheater in question here had performed a more consistent w/kg above his V02Max, (but not signifcantly outside the realm of his V02Max), for the entire race.
They say he had a sudden performance of 500+W and his V02Max was in the 400s, I feel like a more smooth/consistent race in the higher 400s rather than a burst at the end would've been a lot harder to catch.
Basically... just more plausible smoothing so that no individual piece of the race would come into question.
I'm a casual triathlete and it's an open secret that many of the top age group competitors are doping. In particular a lot of the older men are on TRT without having an approved therapeutic use exception. The race organizers do little or no testing because it's expensive and they don't want to piss off customers.
VO2 Max is the maximum amount of oxygen that someone can metabolize measured. The highest measured VO2 Max scores are about 96 ml/min/kg. No one can sustain a true VO2 Max effort for more than about 10 minutes, and there is only a loose correlation with FTP.
I agree, the reason this guy got caught was because it was anomolous performance at the end. If he had managed his cheat differently it would've been nearly impossible to detect.
The greed doesn't quit. You cheat to win smaller races, then you're in bigger races, and need to cheat more, and eventually it gets to the point where you need to lose OR you end up on a big stage where a lot of people have entire hobbies dedicated to finding and exposing cheaters. See https://www.marathoninvestigation.com/!
Like, the same thing that makes people cheat are the same people who can't stop cheating until they get too greedy and get caught. If they weren't greedy, they wouldn't cheat.
But I suppose the author does go on for a bit about how terrible they are at writing headlines.
Old but gold. Maybe staged.