Major Security Flaws Found in Satellite Communications

Researchers from UC San Diego and the University of Maryland revealed that nearly half of geostationary satellite signals transmit unencrypted data, exposing sensitive communications from telecom networks, military operations, and critical infrastructure^[1].

Using just $800 in off-the-shelf equipment - a satellite dish, roof mount, motor and tuner card - the team intercepted vast amounts of unprotected data over three years from their San Diego location^[2]. Their findings included:

• T-Mobile cellular network traffic, including over 2,700 phone numbers and one-sided call/text content captured in just 9 hours^[2:1]
• U.S. military vessel communications and Mexican military/law enforcement data, including helicopter locations and narcotics intelligence^[2:2]
• Critical infrastructure communications from power grids and offshore oil platforms^[3]
• In-flight WiFi data from 10 different airlines^[2:3]

“It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” said Aaron Schulman, UCSD professor who co-led the research^[2:4].

After being notified, some companies like T-Mobile quickly added encryption, while others, including certain U.S. critical infrastructure operators, have yet to secure their systems^[3:1].

The researchers estimate they accessed only 15% of global satellite transponders from their single location, suggesting the vulnerability’s true scope is far larger^[2:5]. Johns Hopkins professor Matt Green noted: “The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible”^[2:6].