Velon hacking

According to this Corriere della Sera article - updated today - Translated summary:

An unnamed coach spills the beans on the likelihood of moles inside/outside of the VeloViewer startup who let the big teams view their live Velon data.:
"The game - explains our coach - consists in matching sensitive personal data in transmission to the position data and sending them to the race centers of the teams that choose the additional service, sometimes physically far from the race.
I don't know who the “facilitators” are, if they are internal or external moles, but I know that the practice exists and that it is also possible to have the data of the opponents. ... ».
more here in Italiano
 
Which exact data is Velon sending through, and which data is publicly available? Hence, which data is sensitive that is not already available?

PS: Is this a credible website, as a source for such news? In the past i got the impression they were more on the "sensationalistic" side.
 
Last edited:
The wider picture is 11 of the 19 teams in World Tour own Velon. 18 of those 19 teams now use VeloViewer i nthe team cars. VeloViewer is a kind of Strava spinoff from 2012. Back in the early days, Team Sky worked with VeloViewer on an application to provide their DS more accurate live race data in an app. Today pretty much every team uses it other than Trek I think. This journalist via a coach in an unknown team seems to suggest it's not just the teams own data and that of the race etc, but other teams data, that they can buy from VeloViewer to view live power curves of competitors to estimate time to exhaustion etc.

I would take it all with a huge pinch of salt. This is the same journalist that only last week was writing about this data coming from Remco's mystery white package in his pocket. This week he's claiming it comes from the Velon transmitter under his saddle, directly to the teams live using VeloViewer. Given 18 of the 19 teams use VeloViewer, I would think someone would at least be pissed off if they knew this was happening now. I think it's just a journalist scratching various rumours and see if anything materialises, then move onto another rumour.
 
So, reading the article, i'm confused. Because is it making a case for riders to carry a "4g modem" like Vayer wants to have us believe? Or is it saying they are just hacking the Velon device? Or is the "Evenepoel modem" used to intercept the data coming from the Velon transponder? Wouldn't it be easier to simply hack whichever server Velon uses, and do it safely and anonymously from the other side of the world? Without any local hardware? I think hacking an encrypted local signal would be harder than hacking into a server where all the data arrive for anybody in the peloton, not just the guys your man with the modem is riding next to.

From another article, stating this same website as the source, this "coach" devised his theory, because he has noticed wifi networks on his smartphone... That's the entire basis for the speculation. I would like to know if this guy has used a smartphone before and has any knowledge of how wifi can be used "away from home". Any smartphone can be turned into a wifi hotspot, for other devices to connect to. Let's say you have an unlimited data subscription, but your two friends don't, it is possible to have your phone act as a wifi hotspot for their phone, so they can use your unlimited 4G data network on their phone to go online through your subscription. There are cars that have 4G antennas, and wifi hotspots inside the car, so that anybody inside the car can use the internet provided by the car's 4g modem over wifi, because the car has a bigger antenna and better reception with the cell tower. It's even quite possible that the wifi signals are coming from spectators who are using their phones the way i described, to watch the TV footage while they are waiting for the riders to pass by.

So, for arguments sake, let's run with this. In that case the way it works is that the Velon transponder sends the data to a cell tower? Or how does the data travel? It is basically the only explanation i can think of to suggest using local hacking hardware. The modem picks up the encrypted 4G signal that the transponder is sending to a cell tower and relays it to the team car... over wifi? If the team car is behind the peloton, phat chance having a wifi signal travel 300 meters, for instance. Else i have a hard time figuring out how the wifi signals factor into this. Otherwise the modem carried by the rider would simply relay it to a cell tower and there would be no wifi signal used in the process. Furthermore, if Velon finds out this is happening (which they should know very fast) they would just change their encryption, and it's back to square one for whoever is trying to hack the data.

One more thing that doesn't make sense to me, is why they wouldn't put the hacking software onto a cellphone, which likely has more processing power and also has 4G and wifi, and would look a lot less conspicuous to carry around. Most Android phones can be used to put anything on, it's basically a Linux branch and the official OS can be overwritten and the interface can be made to look like any phone interface.

Any input from somebody with more knowledge on the subject is greatly appreciated.
 
Which exact data is Velon sending through, and which data is publicly available? Hence, which data is sensitive that is not already available?

PS: Is this a credible website, as a source for such news? In the past i got the impression they were more on the "sensationalistic" side.
It's the online version of the top Italian newspaper, but the author is renowned for his unreliability and love for conspiracy theories.

Cycling has many problems, this doesn't look like one to me.
 

ASK THE COMMUNITY