It turns out that a large swath of geostationary satellite data is unencrypted over North America, the researchers wrote in a paper<\/a> published on Monday. \u201cWe found 50% of GEO links contained cleartext IP traffic… The severity of our findings suggests that these organizations do not routinely monitor the security of their own satellite communication links.\u201d<\/p>\n The results also shocked the team of researchers, according<\/a> to Wired, which noted the surveillance gap is so glaring that it\u2019s possible foreign intelligence agencies or other bad actors might be exploiting the unencrypted satellite data for spying.\u00a0<\/p>\n \n (Credit: Research paper)\n<\/p>\n Researchers monitored radio signals to 39 geostationary satellites from \u201ca single vantage point\u201d in La Jolla, California, using a standard satellite dish. They saw \u201cunencrypted cellular backhaul traffic from several providers, including cleartext call and text contents, job scheduling, and industrial control systems for utility infrastructure, military asset tracking, inventory management for global retail stores, and in-flight Wi-Fi.\u201d<\/p>\n The researchers traced the exposed satellite signals to companies such as T-Mobile, noting the recovered data included user SMS and voice call contents, user internet traffic, and cellular network signaling protocols. “From a 9-hour recording, we observed 2,711 users\u2019 phone numbers from metadata associated with voice calls and messages,\u201d the paper adds.\u00a0<\/p>\n \n Get Our Best Stories!\n <\/p>\n Stay Safe With the Latest Security News and Updates<\/p>\n Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.<\/p>\n Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.<\/p>\n \n By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use<\/a> and Privacy Policy<\/a>.\n <\/p>\n Thanks for signing up!<\/p>\n Your subscription has been confirmed. Keep an eye on your inbox!<\/p>\n In T-Mobile’s case, the carrier was likely using the geostationary satellites as “backhaul<\/a>” for cell towers based in remote areas. <\/p>\n In another alarming find, the team was able to collect unencrypted satellite data \u201cfrom sea vessels owned by the US military,\u201d along with traffic from multiple organizations within the Mexican government and military, including personnel records, narcotics activity, and military asset tracking. Other unencrypted satellite traffic was traced to\u00a0\u201cWalmart-Mexico\u201d and \u201cAT&T Mexico.\u201d<\/p>\n The good news is that most of the affected parties, including T-Mobile and AT&T, have resolved the issue by implementing encryption. T-Mobile also told us the scale of the issue was small.”This is not network-wide \u2013 it was less than 0.10% of sites, all in very isolated, low-population areas and carry low traffic. We worked with the vendor to quickly solve the misconfiguration, and we implemented SIP encryption,” the carrier said. <\/p>\n But others have yet to roll out a fix, despite warnings from the researchers, Wired reports.<\/p>\n Other researchers have also examined intercepting satellite traffic, but low signal quality has been a barrier, which may have mitigated the threat in the past to some extent.\u00a0But the researchers were able to overcome this problem by developing a method that can \u201caccurately gather raw data from hundreds of transponders\u201d on board orbiting satellites. The team has since released their method on GitHub to push more satellite owners to encrypt their data.\u00a0<\/p>\n Their paper adds: \u201cThe vulnerability that we found does not affect T-Mobile\u2019s new Low-Earth Orbit Starlink deployment,\u201d also known as T-Satellite<\/a>. SpaceX says it uses the \u201cISO\/IEC 27001\u201d\u00a0 framework<\/a> for data security, which includes<\/a> using cryptography to protect data in transit.\u00a0<\/p>\n About Our Expert<\/p>\n Michael Kan<\/p>\n Senior Reporter<\/p>\n Experience<\/p>\n I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.<\/p>\n Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service. <\/p>\n I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast<\/a> to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation<\/a> with Motherboard.<\/p>\n I also cover the PC graphics card market. Pandemic-era shortages led me to camp out<\/a> in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.<\/p>\n![\"satellite](\"https:\/\/i.pcmag.com\/imagery\/articles\/01aqQHXlIHXHjEUxEPt2AoK-3.jpg\")
![\"Newsletter](\"https:\/\/www.pcmag.com\/images\/newsletter-envelope.svg\")
<\/p>\n<\/p>\n![\"SecurityWatch](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/07\/17707707-contextual.fit_lpad.size_250x140.v1750711966.png\")
<\/p>\n![\"Michael](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/09\/06W4G6A5rmg4LxEffqKnnc6.fit_lim.size_100x100.v1560221550.png\")
<\/p>\n