Satellites Are Leaking Your Private Data: Calls, Texts, and Secrets
▼ Summary
– Roughly half of geostationary satellite signals are unencrypted, leaving sensitive consumer, corporate, and government communications vulnerable to eavesdropping.
– Researchers used an $800 off-the-shelf satellite receiver to intercept private data, including T-Mobile calls/texts, airline Wi-Fi, and military communications.
– The study revealed critical infrastructure communications, such as from electric utilities and oil platforms, were exposed without encryption.
– Many organizations, including T-Mobile, quickly encrypted their communications after being warned, but some critical infrastructure owners have not yet done so.
– The researchers concluded that satellite operators relied on the assumption that no one would check for vulnerabilities, describing it as a “Don’t Look Up” security strategy.
A surprising number of satellite transmissions are completely unencrypted, leaving sensitive communications from phone calls to military data exposed to anyone with basic receiving equipment. Researchers have demonstrated that roughly half of all geostationary satellite signals can be intercepted and decoded, revealing a massive and largely unaddressed security vulnerability affecting millions of people and critical systems worldwide.
For three years, a joint academic team from UC San Diego and the University of Maryland conducted an experiment using commercially available hardware. They installed an $800 satellite receiver on a campus rooftop in La Jolla, California, and aimed it at various geostationary satellites within their line of sight. Over many months, they collected and analyzed the raw data streams these satellites were broadcasting. What they discovered was deeply concerning: the researchers successfully captured samples of T-Mobile customers’ private phone calls and text messages, intercepted in-flight Wi-Fi data from airline passengers, and monitored communications linked to essential infrastructure like electric utilities and offshore oil platforms. They even intercepted unencrypted military and law enforcement transmissions from both the United States and Mexico, which disclosed the positions of personnel, equipment, and secure facilities.
Aaron Schulman, a UCSD professor who co-led the study, expressed his team’s astonishment at the findings. He noted that many vital services depend on satellite networks, and the widespread lack of encryption was unexpected. Each new type of communication they uncovered reinforced the same troubling pattern, none of it was protected.
The researchers have titled their paper “Don’t Look Up,” a phrase that reflects what they believe has been the satellite industry’s primary security approach: assuming nobody would bother to scan the skies for exposed data. For nearly a year, the team has been notifying the affected companies and government agencies whose data they intercepted. While several organizations, including T-Mobile, responded promptly by encrypting their satellite links, others, particularly some operators of critical US infrastructure, have been slower to act. Although earlier studies had flagged risks associated with unsecured satellite links, this new research exposes the issue on an unprecedented scale, highlighting a systemic failure that jeopardizes personal privacy and national security.
(Source: Wired)