Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
Communications Space Privacy

Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data (wired.com) 21

Posted by msmash from the don't-look-up dept.
Researchers at UC San Diego and the University of Maryland have found that roughly half of geostationary satellite signals transmit sensitive data without encryption. The team spent three years using an $800 satellite receiver on a university rooftop in San Diego to intercept communications from satellites visible from their location. They collected phone calls and text messages from more than 2,700 T-Mobile users in just nine hours of recording.

The researchers also obtained data from airline passengers using in-flight Wi-Fi, communications from electric utilities and offshore oil and gas platforms, and US and Mexican military communications that revealed personnel locations and equipment details. The exposed data resulted from telecommunications companies using satellites to relay signals from remote cell towers to their core networks.

The researchers examined only about 15% of global satellite transponder communications and presented their findings at an Association for Computing Machinery conference in Taiwan this week. Most companies warned by the researchers have encrypted their satellite transmissions, but some US critical infrastructure owners have not yet added encryption.
This discussion has been archived. No new comments can be posted.

Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data More

Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data

Comments Filter:

  • Geostationary satellite are hard to upgrade since they are so far away and an upgrade might be required if the hardware on board does any kind of packet inspection which remains a question to me. Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.

    • Re: (Score:3, Insightful)

      by SmaryJerry ( 2759091 )

      Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.

      There should really be two levels of encryption. One level of encryption through the satellite provide and another level of encryption by the data sending, to protect their data from being seen by the satellite provider. This is a two fold mistake.

      • Most applications transmit over SSL anyway, meaning the data is encrypted behind the link layer, at the application layer. Just because you check your bank balance over unencrypted networking, doesn't mean SSL is invalidated. At worst, someone could tell someone in your household is talking to your bank's servers at that time.
        • I'll add the nitpick that SSL has been deprecated for a decade, and we use TLS now; albeit an evolution of the SSL protocol. Otherwise you're absolutely right, via public WiFi or eavesdropping satellite links, due to use of encryption at the transport layer between endpoints, mere packet header data can be obtained...which isn't very useful to an attacker.

      • Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.

        There should really be two levels of encryption. One level of encryption through the satellite provide and another level of encryption by the data sending, to protect their data from being seen by the satellite provider. This is a two fold mistake.

        Isn't this sort of like arguing that IP should have always-on encryption? Not everyone wants or needs encryption, and some may prioritize speed or power instead.

        • The speed or power thing wreaks of the 1990s when encryption was computationally costly. These days, with CDNs and HTTP/2, the difference is negligible, and the TLS overhead minimal. I would argue most Internet traffic that's still plaintext isn't setup such a way because it is unnecessary, it's because there is a legacy use case or sheer laziness/ignorance. Your web site won't even rank on Google if it doesn't support HTTPS by default. Attempting to access Slashdot via HTTP results in a 301 redirect to
    • If they are only relaying data I guess it would be an easy fix, just send the data up encrypted and it just passes it along. But if they are actually needing to interact with the data I guess that's a problem.

    • Re: (Score:2)

      by mspohr ( 589790 )

      Too far away?
      I don't think you know how these satellites work.
      They have communication links. You don't have to send a technician up to the satellite to upgrade the software ;)

      "They collected phone calls and text messages from more than 2,700 T-Mobile users in just nine hours of recording.
      The researchers also obtained data from airline passengers using in-flight Wi-Fi, communications from electric utilities and offshore oil and gas platforms, and US and Mexican military communications that revealed personnel

  • We get signal (Score:1, Offtopic)

    by jfdavis668 ( 1414919 )
    Main screen turn on

  • UC San Diego

    Oops AT&T Mexico left off encryption? Taking money from both the Mexican govt and cartels, while f'ing them both over? Meanwhile whereever else it was "accidentally" left off, was turned back on? Or is now at least

  • End to end (Score:4)

    by russotto ( 537200 ) on Tuesday October 14, 2025 @12:27PM (#65724416) Journal

    And that's why end-to-end encryption is the only sort which can be trusted by the ends. None of this "SSL added and removed here" stuff. But of course governments strongly discourage its use, and especially any way to make it easier to use, because they want to eavesdrop.

    • Re: (Score:2)

      by gweihir ( 88907 )

      Exactly. Because end-to-end is the only way to ensure it is done competently, or as the story indicates, done at all.

    • Apple Messages - blue bubbles; not green bubbles - are end-to-end, though I did see something about "not encrypted on the iCloud server." Dunno if that applies anymore, since the article was from 4 years ago.
    • End to end is really difficult if you
      Lack the discipline to implement any kind of key management
      If you are sending data and don't know who you are sending it too (yes, this really happens)
      If you don't know that you are sending the data or assume someone else is encrypting it and sending it for you

      But there is a far far worse thing than not encrypting data. Not adding authentication to data that others will act on. Think of someone being able to pretend they are you to the bank and request the bank t

  • This is reminiscent (Score:5, Informative)

    by gabrieltss ( 64078 ) on Tuesday October 14, 2025 @12:57PM (#65724504)
    This is reminiscent of the satellite hackers inf the late 70's and into the 80's. They used to figure out the satellite down-link codes for a lot of the cable TV channels and publish them. If you had a programmable satellite receiver you could plug the codes in and get those channels for free. However the codes changed every month so you may or may not get the same channels every month. It just depended on what codes the satellite hackers were able to "glean" that month.

  • ... without effective encryption? I mean some _basic_ skill is required to keep secrets. Looks like these people do not have it.

    • Re: (Score:1)

      by Anonymous Coward

      Pete Hegseth

Slashdot Top Deals

For large values of one, one equals two, for small values of two.

Close