If you have a few hundred dollars, a roof, and a clear view of the sky, you can listen to the world’s secrets.
That’s what a group of cybersecurity researchers discovered when they set up an ordinary satellite dish on a university rooftop in San Diego. What began as a simple experiment to test old satellite security systems spiraled into one of the most alarming exposures of modern communications.
With off-the-shelf hardware and open-source tools, they intercepted private phone calls, text messages, and data transmissions from government agencies, airlines, and even the military — shockingly, none of it was encrypted.
A Sky Full of Unlocked Doors
Geostationary satellites orbit 22,000 miles (35,000 km) above Earth, holding their position over the same point on the planet. They were the backbone of global communication long before low-orbit constellations like Starlink arrived. Today, many still beam data for airlines, oil rigs, utilities, and rural cell towers. And as it turns out, much of that data is shockingly exposed.
“A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks,” the researchers wrote in their paper, presented at the 32nd ACM Conference. “This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware.”
In plain terms, this means that for years, many satellites have been transmitting streams of private and classified data into the open air. “It just completely shocked us,” Aaron Schulman, a UC San Diego professor who co-led the study, told Wired.
“There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted. And just time and time again, every time we found something new, it wasn’t.”
The team, from UC San Diego and the University of Maryland, spent three years scanning 39 satellites visible from Southern California. They expected to find some encryption flaws. Instead, they found none at all. “We thought we would try to listen and then see whether we could break this cryptography,” Dave Levin, a computer science professor at the University of Maryland, told Space.com. “It turned out we didn’t have to because the cryptography wasn’t used at all in large part.”
Their $800 setup — an $185 dish, a $140 mount, a $195 motor, and a $230 tuner card — wasn’t exactly what you’d call cutting-edge espionage gear. Everything was off-the-shelf stuff that anyone can buy, let alone a nefarious state actor.
Unsettling Observation
Over the course of their study, the researchers picked up everything from airline Wi-Fi traffic to military coordinates. They found that Mexican military and police units were transmitting mission details and helicopter locations in plain text. “When we started seeing military helicopters, it wasn’t necessarily the sheer volume of data, but the extreme sensitivity of that data that concerned us,” said Schulman.
They also found that Mexico’s state-owned electric utility, the Comisión Federal de Electricidad (CFE), was sending unprotected communications about equipment failures, maintenance, and even customers’ names and addresses.
Meanwhile, U.S. military vessels sent out unencrypted communications that revealed ship names and internal traffic.
But the most unsettling discovery may have been how much ordinary consumer data was floating through the ether.
The Eavesdropper’s Dream Come True
In just nine hours of listening to one satellite carrying T-Mobile’s backhaul traffic — the connections between remote towers and the core network — the researchers collected the phone numbers of more than 2,700 users, along with calls and text messages.
“When we saw all this, my first question was, did we just commit a felony? Did we just wiretap?” Levin recalled in an interview with Wired. “These signals are just being broadcast to over 40 percent of the Earth at any point in time.”
The experiment revealed how exposed modern communications are when they rely on outdated systems. They also found satellite signals carrying metadata, authentication codes, and fragments of web traffic from commercial airliners. When the researchers reconstructed in-flight Wi-Fi sessions, they could identify passengers’ browsing habits. They could even hear unencrypted audio from in-flight entertainment.
Encryption failures like these are not new — but their scale here is unprecedented. According to the researchers, the satellites they tested represent just 15 percent of the global geostationary fleet. That means there’s a vast, unseen world of unprotected data still raining from orbit.
“It’s crazy,” said Matt Green, a computer science professor at Johns Hopkins University who reviewed the study. “The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible.”
Green added that he “would be shocked if this is something that intelligence agencies of any size are not already exploiting.”
Don’t Look Up — Or Maybe Do
The team titled their paper “Don’t Look Up”, a nod both to the 2021 climate satire movie and the industry’s apparent security philosophy. As Schulman explained for Wired, “They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security. They just really didn’t think anyone would look up.”
The group has since spent months alerting affected companies. T-Mobile responded quickly, encrypting its satellite transmissions within weeks. AT&T also issued fixes. But many other operators, especially those managing critical infrastructure, were slower to react.
To encourage transparency, the team plans to release an open-source tool. Also called Don’t Look Up, it will let anyone decode satellite data.
The stakes are clear. As UCSD cryptography professor Nadia Heninger said jokingly, if intelligence agencies aren’t already exploiting these unprotected signals, “then where are my tax dollars going?”
www.zmescience.com (Article Sourced Website)
#Worlds #Satellites #Leaking #Unencrypted #Data #Phones #Planes #Military