{"id":259683,"date":"2025-11-13T02:53:11","date_gmt":"2025-11-13T02:53:11","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/259683\/"},"modified":"2025-11-13T02:53:11","modified_gmt":"2025-11-13T02:53:11","slug":"half-of-the-worlds-satellites-are-leaking-unencrypted-data-from-phones-planes-and-even-the-military","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/259683\/","title":{"rendered":"Half of the World\u2019s Satellites Are Leaking Unencrypted Data From Phones, Planes, and Even the Military"},"content":{"rendered":"

\"\"<\/a>Credit: ZME Science\/Midjourney.<\/p>\n

If you have a few hundred dollars, a roof, and a clear view of the sky, you can listen to the world\u2019s secrets.<\/p>\n

That\u2019s what a group of cybersecurity researchers discovered when they set up an ordinary satellite dish on a university rooftop in San Diego. What began as a simple experiment to test old satellite security systems spiraled into one of the most alarming exposures of modern communications. <\/p>\n

With off-the-shelf hardware and open-source tools, they intercepted private phone calls, text messages, and data transmissions from government agencies, airlines, and even the military \u2014 shockingly, none of it was encrypted.<\/p>\n

A Sky Full of Unlocked Doors<\/p>\n

Geostationary satellites orbit 22,000 miles (35,000 km) above Earth, holding their position over the same point on the planet. They were the backbone of global communication long before low-orbit constellations like Starlink arrived. Today, many still beam data for airlines, oil rigs, utilities, and rural cell towers. And as it turns out, much of that data is shockingly exposed.<\/p>\n

\u201cA shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens\u2019 voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks,\u201d the researchers wrote in their paper<\/a>, presented at the 32nd ACM Conference. \u201cThis data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware.\u201d <\/p>\n

In plain terms, this means that for years, many satellites have been transmitting streams of private and classified data into the open air. \u201cIt just completely shocked us,\u201d Aaron Schulman, a UC San Diego professor who co-led the study, told Wired<\/a>. <\/p>\n

\u201cThere are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted. And just time and time again, every time we found something new, it wasn\u2019t.\u201d <\/p>\n

The team, from UC San Diego and the University of Maryland, spent three years scanning 39 satellites visible from Southern California. They expected to find some encryption flaws. Instead, they found none at all. \u201cWe thought we would try to listen and then see whether we could break this cryptography,\u201d Dave Levin, a computer science professor at the University of Maryland, told Space.com<\/a>. \u201cIt turned out we didn\u2019t have to because the cryptography wasn\u2019t used at all in large part.\u201d <\/p>\n

Their $800 setup \u2014 an $185 dish, a $140 mount, a $195 motor, and a $230 tuner card \u2014 wasn\u2019t exactly what you\u2019d call cutting-edge espionage gear. Everything was off-the-shelf stuff that anyone can buy, let alone a nefarious state actor.<\/p>\n

Unsettling Observation<\/p>\n

\"The <\/a>UCSD and UMD researchers pose with their satellite receiver system on the roof of a university building in San Diego. Credit: Ryan Kosta.<\/p>\n

Over the course of their study, the researchers picked up everything from airline Wi-Fi traffic to military coordinates. They found that Mexican military and police units were transmitting mission details and helicopter locations in plain text. \u201cWhen we started seeing military helicopters, it wasn\u2019t necessarily the sheer volume of data, but the extreme sensitivity of that data that concerned us,\u201d said Schulman. <\/p>\n

They also found that Mexico\u2019s state-owned electric utility, the Comisi\u00f3n Federal de Electricidad (CFE), was sending unprotected communications about equipment failures, maintenance, and even customers\u2019 names and addresses.<\/p>\n

Meanwhile, U.S. military vessels sent out unencrypted communications that revealed ship names and internal traffic. <\/p>\n

But the most unsettling discovery may have been how much ordinary consumer data was floating through the ether. <\/p>\n

The Eavesdropper\u2019s Dream Come True<\/p>\n

In just nine hours of listening to one satellite carrying T-Mobile\u2019s backhaul traffic \u2014 the connections between remote towers and the core network \u2014 the researchers collected the phone numbers of more than 2,700 users, along with calls and text messages.<\/p>\n

\u201cWhen we saw all this, my first question was, did we just commit a felony? Did we just wiretap?\u201d Levin recalled in an interview with Wired. \u201cThese signals are just being broadcast to over 40 percent of the Earth at any point in time.\u201d <\/p>\n

The experiment revealed how exposed modern communications are when they rely on outdated systems. They also found satellite signals carrying metadata, authentication codes, and fragments of web traffic from commercial airliners. When the researchers reconstructed in-flight Wi-Fi sessions, they could identify passengers\u2019 browsing habits. They could even hear unencrypted audio from in-flight entertainment.<\/p>\n

Encryption failures like these are not new \u2014 but their scale here is unprecedented. According to the researchers, the satellites they tested represent just 15 percent of the global geostationary fleet. That means there\u2019s a vast, unseen world of unprotected data still raining from orbit.<\/p>\n

\u201cIt\u2019s crazy,\u201d said Matt Green, a computer science professor at Johns Hopkins University who reviewed the study. \u201cThe fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible.\u201d<\/p>\n

Green added that he \u201cwould be shocked if this is something that intelligence agencies of any size are not already exploiting.\u201d<\/p>\n

Don\u2019t Look Up \u2014 Or Maybe Do<\/p>\n

The team titled their paper \u201cDon\u2019t Look Up\u201d, a nod both to the 2021 climate satire movie<\/a> and the industry\u2019s apparent security philosophy. As Schulman explained for Wired, \u201cThey assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security. They just really didn\u2019t think anyone would look up.\u201d <\/p>\n

The group has since spent months alerting affected companies. T-Mobile responded quickly, encrypting its satellite transmissions within weeks. AT&T also issued fixes. But many other operators, especially those managing critical infrastructure, were slower to react.<\/p>\n

To encourage transparency, the team plans to release an open-source tool. Also called Don\u2019t Look Up, it will let anyone decode satellite data.<\/p>\n

The stakes are clear. As UCSD cryptography professor Nadia Heninger said jokingly, if intelligence agencies aren\u2019t already exploiting these unprotected signals, \u201cthen where are my tax dollars going?\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Credit: ZME Science\/Midjourney. If you have a few hundred dollars, a roof, and a clear view of the…\n","protected":false},"author":2,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":{"0":"post-259683","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-space"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/259683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=259683"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/259683\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=259683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=259683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=259683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}