A security blind spot has been revealed in the skies above us. A team of researchers has discovered that a surprising amount of data transmitted to orbiting satellites is unencrypted, potentially paving the way for eavesdropping on communications from mobile carriers, as well as military and government users.
The issue doesn’t affect SpaceX’s Starlink, but data sent to higher orbiting geostationary satellites, which can also provide communications to mobile carriers, commercial buildings, and government users in remote and rural areas. A team from the University of California, San Diego, and the University of Maryland investigated whether such satellite signals were encrypted, as the same signals can be easily intercepted over the air using consumer-grade dish equipment costing around $800.
It turns out that a large swath of geostationary satellite data is unencrypted over North America, the researchers wrote in a paper published on Monday. “We found 50% of GEO links contained cleartext IP traffic… The severity of our findings suggests that these organizations do not routinely monitor the security of their own satellite communication links.”
The results also shocked the team of researchers, according to Wired, which noted the surveillance gap is so glaring that it’s possible foreign intelligence agencies or other bad actors might be exploiting the unencrypted satellite data for spying.
(Credit: Research paper)
Researchers monitored radio signals to 39 geostationary satellites from “a single vantage point” in La Jolla, California, using a standard satellite dish. They saw “unencrypted cellular backhaul traffic from several providers, including cleartext call and text contents, job scheduling, and industrial control systems for utility infrastructure, military asset tracking, inventory management for global retail stores, and in-flight Wi-Fi.”
The researchers traced the exposed satellite signals to companies such as T-Mobile, noting the recovered data included user SMS and voice call contents, user internet traffic, and cellular network signaling protocols. “From a 9-hour recording, we observed 2,711 users’ phone numbers from metadata associated with voice calls and messages,” the paper adds.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
In T-Mobile’s case, the carrier was likely using the geostationary satellites as “backhaul” for cell towers based in remote areas.
In another alarming find, the team was able to collect unencrypted satellite data “from sea vessels owned by the US military,” along with traffic from multiple organizations within the Mexican government and military, including personnel records, narcotics activity, and military asset tracking. Other unencrypted satellite traffic was traced to “Walmart-Mexico” and “AT&T Mexico.”
The good news is that most of the affected parties, including T-Mobile and AT&T, have resolved the issue by implementing encryption. T-Mobile also told us the scale of the issue was small.”This is not network-wide – it was less than 0.10% of sites, all in very isolated, low-population areas and carry low traffic. We worked with the vendor to quickly solve the misconfiguration, and we implemented SIP encryption,” the carrier said.
But others have yet to roll out a fix, despite warnings from the researchers, Wired reports.
Other researchers have also examined intercepting satellite traffic, but low signal quality has been a barrier, which may have mitigated the threat in the past to some extent. But the researchers were able to overcome this problem by developing a method that can “accurately gather raw data from hundreds of transponders” on board orbiting satellites. The team has since released their method on GitHub to push more satellite owners to encrypt their data.
Their paper adds: “The vulnerability that we found does not affect T-Mobile’s new Low-Earth Orbit Starlink deployment,” also known as T-Satellite. SpaceX says it uses the “ISO/IEC 27001” framework for data security, which includes using cryptography to protect data in transit.
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.