Nederlands
English
Deutsch
Français
Español
Português
Researchers found half of satellite signals unencrypted, allowing interception of sensitive military, corporate and personal communications using basic $800 equipment.
Shocking Discovery: Satellite Communications Wide Open to Eavesdropping
In a startling revelation that has sent shockwaves through the cybersecurity community, researchers from the University of California San Diego and University of Maryland have demonstrated that sensitive satellite communications are alarmingly vulnerable to interception using simple, commercially available equipment. The three-year study, conducted from a rooftop in San Diego, exposed a critical security gap affecting approximately half of all geostationary satellite signals worldwide.
The $800 Security Breach
Using equipment costing less than $800, the research team successfully intercepted unencrypted data from multiple satellites, capturing everything from private phone conversations to sensitive military communications. 'It has completely shocked us,' said UCSD professor Aaron Schulman. 'There are really critical parts of our infrastructure that rely on this satellite system, and we thought it would all be encrypted. But every time we found something new, it wasn't.'
The researchers scanned 39 geostationary satellites across 25 longitudes and discovered that only 20% of transponders had encryption enabled for downlinks, with a mere 6% consistently using IPsec at the network layer. This means that sensitive data from telecommunications, military operations, and critical infrastructure is essentially broadcast openly into space for anyone with basic receiving equipment to capture.
What They Found in the Open Air
The intercepted data included phone calls and text messages from over 2,700 T-Mobile users, operational communications from U.S. Navy vessels, Mexican military and police communications revealing drug trafficking operations, and sensitive corporate data from major companies. 'When we started seeing military helicopters, it wasn't so much the amount of data, but the extreme sensitivity that worried us,' Schulman explained.
The team also captured unencrypted internet communications from aircraft passenger Wi-Fi systems operated by Intelsat and Panasonic, along with operational data from Mexico's state-owned electric utility CFE. Corporate communications from retail, financial, and banking institutions were also vulnerable, including login credentials, corporate emails, and ATM network information.
Industry Response and Security Implications
Following the research findings, T-Mobile quickly addressed the encryption gap in its satellite backhaul connections. A T-Mobile spokesperson stated: 'This research revealed an encryption issue with a limited number of satellite connections from a small group of cell towers, which was quickly resolved.' AT&T also reported that the problem was 'immediately fixed.'
However, security experts warn that the problem extends far beyond these specific cases. Johns Hopkins researcher Matt Green commented: 'It's crazy that so much data is being sent via satellites that anyone with an antenna can pick up. I would be surprised if intelligence agencies haven't been exploiting this for years.'
Cryptographer Matt Blaze emphasized the accessibility of the required technology: 'These weren't NSA-level resources,' pointing out that the necessary hardware is available in any major electronics store.
The Path Forward
The research paper, titled 'Don't Look Up' and presented at an Association for Computing Machinery conference in Taiwan, serves as both a warning and a call to action. The title references not only the 2021 Netflix film about government indifference but also what researchers see as the satellite industry's current security strategy: assuming no one would bother looking up.
UCSD professor Nadia Heninger quipped: 'If they're not doing this already, where are my tax dollars going?' highlighting the expectation that intelligence agencies have likely been aware of these vulnerabilities for some time.
The researchers hope their findings will spur governments and corporations to finally encrypt all satellite communications. 'As long as we're on the side of finding insecure systems and then helping secure them, we feel good about it,' Schulman said. However, they anticipate it could take years to fully address the problem, as many systems communicating via satellites are technically outdated and consequently much harder to encrypt.
For more information about digital security, visit Bright's digital security section.
