Satellites have long been a crucial part of global communications, relaying data for everything from military operations to corporate transactions, and even our everyday phone calls. However, what’s increasingly alarming is that a vast amount of this satellite-transmitted data is unencrypted, leaving private conversations, sensitive military communications, and critical infrastructure data exposed to anyone with the right equipment. A recent study conducted by researchers at UC San Diego and the University of Maryland has revealed that this data is not as secure as one might think.
An Alarming Discovery: The Scale of the Vulnerability
Over the course of three years, the researchers used basic, off-the-shelf equipment—costing less than $800—to monitor satellite transmissions. Stationed on the rooftop of a building in La Jolla, California, the team successfully intercepted communications from geostationary satellites—satellites positioned above the Earth’s equator that send and receive data to a broad portion of the planet. Their findings were shocking: approximately half of these satellites, carrying an array of sensitive information, were transmitting data without encryption, making it vulnerable to interception.
The research uncovered a disturbing range of unsecured data, including:
- T-Mobile calls and text messages: The researchers intercepted thousands of T-Mobile users’ private conversations and messages.
- Military communications: The researchers found US and Mexican military transmissions, which included sensitive intelligence and information about personnel, locations, and equipment.
- Corporate data: The researchers gained access to corporate emails, inventory records, and data from ATMs and critical infrastructure systems.
- In-flight Wi-Fi data: Unencrypted data from airline passengers’ browsing activities and media consumption was captured.
- Utility data: The researchers accessed unprotected communications from power grids and offshore oil rigs, which included work orders, customer information, and equipment failures.
The scale and variety of this exposed data are unprecedented, as these findings only represent a small fraction of the satellites the researchers were able to monitor. This suggests a vast amount of potentially exposed data is still circulating in space, waiting to be intercepted.
The Methods Behind the Research
The researchers developed a satellite receiver system that cost less than $800, which they used to pick up signals from geosynchronous satellites visible from their vantage point in Southern California. Their equipment, which included a $185 satellite dish, a $140 roof mount, and a $230 tuner card, allowed them to intercept satellite transmissions from several telecom companies, military sources, and corporations. What they found was eye-opening.
For example, in just nine hours of monitoring T-Mobile’s satellite communications, the researchers obtained the phone numbers of over 2,700 users, along with the full contents of their calls and texts. Although they could not intercept the reverse transmissions (data sent from the satellite to the telecom’s core network), the sheer quantity of exposed information was staggering.
One of the key vulnerabilities they identified is related to cellular backhaul. Some telecom towers in remote regions rely on satellite connections to link to the core network, and this data can be easily intercepted. Essentially, the signals meant for these remote towers are being broadcast in the open, where they can be captured by anyone with the right satellite equipment.
A Wake-Up Call for Security
The researchers were taken aback by how unprotected this data was, particularly considering the sensitive nature of some of the information. Aaron Schulman, one of the researchers from UCSD, expressed his surprise at the lack of encryption: “It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” he said.
The researchers’ findings have already made an impact. They contacted affected companies and government agencies, and many responded by securing their satellite communications. T-Mobile, for example, quickly encrypted their satellite transmissions after being informed. However, others, including some owners of critical infrastructure, have been slow to act, raising concerns about the security of systems that are still vulnerable.
The Risks to National Security
While telecom companies and corporations can face significant reputational damage from exposed data, the risks to national security are even more severe. The researchers discovered unencrypted military communications, including internet traffic from US Navy vessels and sensitive communications from Mexican military and law enforcement. In some cases, the data exposed the locations of military units, the names of military assets such as helicopters, and details about ongoing missions.
One particularly concerning finding involved the Comisión Federal de Electricidad (CFE), Mexico’s state-owned electric utility, which was transmitting internal communications in the clear. These communications included sensitive customer information, equipment failures, and safety hazards. Such vulnerabilities in critical infrastructure pose significant risks, as malicious actors could potentially access and exploit this data for nefarious purposes.
The Global Nature of the Problem
The study’s geographical scope is not limited to the US and Mexico. The researchers only examined a small fraction of the satellites orbiting the Earth, covering an area that included much of the Western Hemisphere, including the Pacific Ocean. However, this small sample indicates that satellites transmitting unencrypted data are widespread, and anyone with access to the right equipment can intercept the communications.
Furthermore, the use of satellites for data transmission is not limited to telecom networks and military operations. Researchers found that even seemingly innocuous data, such as passengers’ browsing activities on in-flight Wi-Fi networks, was being transmitted without encryption. While many in-flight networks use HTTPS encryption for browsing, other forms of communication—such as media broadcasts—remain exposed.
The possibility of hackers exploiting this vulnerability is a real concern. With the right tools, they could potentially perform cyberattacks on a global scale. Even without sophisticated hacking techniques, the availability of such data presents a significant risk for privacy, corporate security, and national defense.
Low Barriers to Exploitation
Perhaps the most disturbing aspect of the researchers’ findings is how easily the data was accessed. The hardware required for this operation was basic and inexpensive—anyone with a modest investment in satellite equipment could replicate the research and collect their own cache of sensitive data. The ease with which the researchers intercepted these signals highlights the minimal barriers to exploitation and suggests that intelligence agencies, hackers, and even rogue actors could be listening in on these unencrypted communications.
Matt Blaze, a cybersecurity expert from Georgetown University, emphasized the low entry threshold for this kind of surveillance: “This was not NSA-level resources. This was DirecTV-user-level resources.” Given that the researchers’ findings were based on easily accessible equipment, it’s likely that many others—whether government agencies or individuals with malicious intent—are already taking advantage of these vulnerabilities.
A Call for Urgent Action
In light of these revelations, experts are calling for immediate action to secure satellite communications and prevent further leaks of sensitive data. Encryption should be standard practice for all satellite communications, and companies and governments must prioritize security measures before they fall victim to cyberattacks or espionage. The researchers have already made their software tool, which can interpret satellite data, available to the public, encouraging further scrutiny and awareness.
As satellite technology continues to evolve and expand, the risks associated with unsecured transmissions will only grow. Governments, telecom companies, and corporations must recognize that the stakes are too high to leave their satellite communications unprotected.
