A recent study by researchers at UC San Diego and the University of Maryland has revealed a surprising and troubling vulnerability in satellite communications. They found that nearly half of all geostationary satellites transmit unencrypted data, making sensitive information from consumers, corporations, and even military organizations vulnerable to interception. For three years, the researchers used a basic $800 satellite receiver to listen in, and they were able to collect a vast amount of unprotected data, including private phone calls, text messages, and in-flight Wi-Fi traffic. This discovery highlights a significant security risk for anyone relying on these systems.
The team passively monitored the signals being broadcast from geosynchronous satellites, capturing a wide range of unencrypted data. The intercepted information included everything from T-Mobile calls and texts to critical infrastructure communications and even military data from the U.S. and Mexico. One of the researchers, Dave Levin, a computer science professor at the University of Maryland, pointed out that the signals are simply being broadcast to over 40% of the Earth’s surface at any given moment. This means that anyone with a simple, inexpensive satellite dish can easily access this flood of sensitive information.
After discovering the vulnerability, the researchers shared their findings with the affected companies and agencies. While some firms, such as T-Mobile, quickly moved to add encryption and secure their systems, others have been slower to act. This is particularly concerning in the case of some U.S. critical infrastructure operators that have not yet secured their systems. The findings highlight the unprecedented scale of risk and the ease with which anyone can conduct satellite surveillance. A surprisingly large amount of sensitive traffic is being broadcast unencrypted and can be observed by anyone with a few hundred dollars of consumer-grade hardware.
The researchers also found that telecom companies were using unencrypted satellite backhaul links, which exposed private data from remote cell towers. Using their $800 dish, they intercepted signals from T-Mobile, AT&T Mexico, and Telmex. In just nine hours, they were able to capture over 2,700 phone numbers, as well as one side of phone calls and text messages from T-Mobile users. This demonstrates how easily an attacker thousands of miles away could eavesdrop on highly sensitive cellular traffic.
The study further showed that Telmex was sending unencrypted voice calls, while AT&T Mexico was transmitting raw satellite data, including user internet traffic and metadata. The researchers also found decryption keys that could have exposed even more sensitive AT&T Mexico network information, although they did not attempt to use them. The study makes it clear that the lack of encryption on these satellite links represents a major security flaw that affects a wide range of industries and users globally.