Zwift hackers and cheaters beware – the online training platform has set up an organisation ‘police racing’ and combat frauds.
ZADA, which stands for Zwift Accuracy and Data Analysis, was re-launched earlier this year and assesses individual performances of riders to flag any that look suspicious.
>> Struggling to get to the shops? Try 6 issues of Cycling Weekly magazine for just £6 delivered to your door <<
Zwift hope the organisation will help combat cheats as it has emerged that a hacker has found a way to cheat the game, using an Xbox controller to modify power output.
Vice News reports that experts from cybersecurity firm Carve Systems are able to modify power output on Zwift by swapping the power meter for a standard video game controller.
A spokesperson for Zwift said: “We take cheating very seriously – especially as we move further into e-sports. Cheating not only calls into question final results if not police properly, but it also removes the fun for those competing.
“All sports face challenges with people cheating and Zwift is no exception to that. We are fully aware of all the ways people might attempt to cheat the system to gain an unfair advantage. Ultimately, we are working hard behind the scenes to make these options and impossibility.”
Zwift launched its own organisation to investigate cheating, ZADA, which is run by a third party by managed by Zwift.
ZADA originally dates back to 2016, when it was a community-driven effort to ensure fair racing under the name Zwift Anti-Doping Agency.
The organisation ceased operations earlier this year only to be rebooted and rebranded in partnership with Zwift.
Riders being subjected to ZADA testing may be asked to submit equipment data, weight verification, power files and other information to support their performances both indoors and out on the road, and could even be asked to take part in laboratory testing.
The Zwift spokesperson said: “Whereas the old ZADA assessed individuals, the new look organisation assesses individual performances. It’s a subtle difference, but an important one – every performance is potentially subject to scrutiny.
“Riders must verify their performance by showing they are capable of the same performance out on the road using an approved, and calibrated power meter. ZADA is also able to look into past Zwift performances and outdoor Strava data to spot individual trends of a rider. Riders must also submit proof of height and weight during this process. In some instances, ZADA may ask a rider to take a lab test.”
ZADA were utilised in the recent Zwift Classics race series, which featured both men’s and women’s professional teams, with five riders being tested every round – all three podium finishers and two other riders picked at Zwift’s discretion.
While the most obvious form of Zwift cheating is riders lying about their weight to improve their watts per kilogram, there are even more clandestine possibilities.
Security researcher Brad Dixon found a way to connect an Xbox controller to Zwift, allowing him to squeeze the trigger to increase the wattage.
He was able to intercept the various readings that Zwift uses via ANT+ and modify them as he pleased.
Dixon told Vice: “It’s incorrect to say that I hacked Zwift, because I didn’t actually. There’s not vulnerability in there. I don’t think there is anything for them to fix. It’s just the nature of the sensors that they’re using and how it works are exploitable.”
It’s even possible to set cruise control, according to Dixon.
While this approach may not be possible in events held in-person, it could still threaten the fun for those racing at home.