![\"rooftop\"](\"https:\/\/www.newsbeep.com\/il\/wp-content\/uploads\/2025\/10\/GtmIFdMa0AIsq4D-1.jpeg\")
Much of the observation for the research was made from a simple rooftop in San Diego, California. (@Mortyzhang0311\/onX)<\/p>\n
\u201cGEO satellites<\/a> have been shown to be particularly susceptible to interception attacks,\u201d the scientists wrote.<\/p>\n \u201c\u2026 Given that any individual with a clear view of the sky and US $600 can set up their own GEO interception station from Earth, one would expect that GEO satellite links carrying sensitive commercial and government network traffic would use standardized link and\/or network layer encryption to prevent eavesdroppers,\u201d they wrote.<\/p>\n The six scientists from UCSD and UMD found that wasn\u2019t the case in their \u201cscan of IP traffic on 39 GEO satellites across 25 distinct longitudes with 411 transponders.\u201d<\/p>\n In a summary of their work<\/a>, they said that \u201ca shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens\u2019 voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks.\u201d<\/p>\n If you are an electricity customer in Mexico, there is a chance that your name, address and account number were observed by the UCSD and UMD computer scientists during their seven-month study in 2024 and early 2025.<\/p>\n While the study carried out by the U.S.-based scientists didn\u2019t have malicious intent, their work shows that people who do have such intent could access sensitive government, company and personal data using affordable technology, provided they have the necessary technical know-how.<\/p>\n \u201cIn this work, we demonstrate the feasibility of an attacker whose goal is to observe satellite traffic visible from their position by passively scanning as many GEO transmissions from a single vantage point on Earth as possible,\u201d the scientists wrote.<\/p>\n \u201cThis form of widescale interception has previously been assumed to only be feasible with state actor-grade equipment and software. More precisely, we demonstrate that a low-resource attacker, using COTS [commercial off-the-shelf], low-cost equipment can reliably intercept and decode hundreds of links from a single vantage point,\u201d they said.<\/p>\n The computer scientists\u2019 GEO interception station setup included a $180 satellite dish, a $195 dish motor, a $230 USB tuner card and other inexpensive \u201cmiscellaneous components.\u201d<\/p>\n Mexican government and military data intercepted\u00a0<\/p>\n The scientists used what they called \u201clow-cost consumer-grade satellite equipment\u201d to \u201ccomprehensively survey GEO satellite usage\u201d from a UCSD building in La Jolla, an upper-income neighborhood in San Diego.<\/p>\n They said that they \u201cobserved unencrypted satellite traffic belonging to government and military for multiple countries,\u201d including Mexico and the United States.<\/p>\n \u201cWe observed unencrypted satellite traffic from multiple organizations within the Mexican government, including military, law enforcement, and government agencies,\u201d the scientists wrote.<\/p>\n \u201cThese unencrypted links appear to be used to connect remote command centers, surveillance outposts, and mobile units via commercial satellite backhaul.\u201d<\/p>\n The scientists said they observed \u201clarge amounts of unencrypted HTTP<\/a> traffic\u201d belonging to the Mexican government, including:<\/p>\n References to military terminals, regions, and zones. Data from CFE, Walmart M\u00e9xico, Telmex, Banorte, Banj\u00e9rcito and AT&T M\u00e9xico also observed\u00a0<\/p>\n In their paper, the UCSD and UMD scientists also said that they had observed data from a number of Mexican companies, including the state-owned Federal Electricity Commission (CFE) and the bank Banorte.<\/p>\n CFE<\/p>\n The scientists said they \u201cobserved one transponder carrying unencrypted CFE internal communications.\u201d<\/p>\n The communications they saw included \u201cresponses for customer service and maintenance work orders with locations, urgency levels, and customer names, addresses, account numbers, and tariff types.\u201d<\/p>\n Walmart M\u00e9xico<\/p>\n The scientists said they identified \u201cthree satellite beams carrying unencrypted Walmart M\u00e9xico internal system traffic that could be received across North America.\u201d<\/p>\n Among the \u201cnotable internal network traffic\u201d they observed were unencrypted logins to Walmart M\u00e9xico\u2019s inventory management system and unencrypted internal corporate emails.<\/p>\n Santander M\u00e9xico, Banj\u00e9rcito and Banorte<\/p>\n The scientists also intercepted and observed unencrypted data from these three financial institutions. Santander and Banorte are large commercial banks while Banj\u00e9rcito<\/a> is a bank affiliated with the Mexican military.<\/p>\n In the case of Santander, the scientists said they observed unencrypted traffic related to ATM infrastructure.<\/p>\n In the case of Banj\u00e9rcito and Banorte, the scientists said they identified \u201cextensive unencrypted satellite traffic linked to the internal infrastructure of both banks being transmitted.\u201d<\/p>\n They didn\u2019t specifically mention that they were able to see personal and account data of customers of the three banks.<\/p>\n AT&T M\u00e9xico<\/p>\n The scientists said they observed \u201cunencrypted cellular backhaul traffic\u201d from AT&T M\u00e9xico, including \u201cprotocol metadata and cellular network signaling protocols, and raw user Internet traffic.\u201d<\/p>\n \u201c\u2026 In a 30-minute recording, we observed 710 users\u2019 phone numbers and related control and Internet traffic,\u201d they said.<\/p>\n Telmex<\/p>\n The scientists said their analysis \u201cidentified three satellite beams carrying unencrypted Telmex VoIP traffic,\u201d or Voice over Internet Protocol traffic<\/a>.<\/p>\n They said they observed \u201cunencrypted satellite backhaul traffic that included the plaintext contents of user voice calls, and protocol metadata and cellular signaling protocols.\u201d<\/p>\n The scientists informed the Mexican government and companies of their vulnerabilities\u00a0<\/p>\n The scientists said in their paper that they disclosed the vulnerabilities that affected the Mexican government, Telmex, Grupo Santander M\u00e9xico, Banj\u00e9rcito, and Banorte to CERT-MX on April 4, 2025.<\/p>\n![\"satellite\"](\"https:\/\/www.newsbeep.com\/il\/wp-content\/uploads\/2025\/10\/Satellites-are-leaking-secrets-study-shocks.jpg\")
The University of California, San Diego, publicized this explanatory image, giving the impression of how easily data can be intercepted if it\u2019s not encrypted. (UCSD)<\/p>\n
\nLaw enforcement asset inventory, personnel records, and traffic monitoring.
\nIncident reporting, case tracking, and evidence documentation by field personnel and administrative staff, including narcotics activity.
\nMilitary asset tracking records for aircraft, sea vessels, armored vehicles, and LIDAR and RADAR, including data on locations, deployments, mission roles, and maintenance logs.
\nReal-time military object telemetry with precise geolocation, identifiers, and live telemetry.<\/p>\n