Eavesdropping on Internal Networks via Unencrypted Satellites

Accepted submission by Anonymous Coward at 2025-10-17 09:08:51
Security

Geostationary satellites are broadcasting large volumes of unencrypted data to Earth [theregister.com], including private voice calls and text messages as well as consumer internet traffic, researchers have discovered.

Scientists at the University of California, San Diego, and the University of Maryland, College Park, say they were able to pick up large amounts of sensitive traffic largely by just pointing a commercial off-the-shelf satellite dish at the sky from the roof of a university building in San Diego.

In its paper, Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites [PDF] [ucsd.edu], the team describes how it performed a broad scan of IP traffic on 39 GEO satellites across 25 distinct longitudes and found that half of the signals they picked up contained cleartext IP traffic.

This included unencrypted cellular backhaul data sent from the core networks of several US operators, destined for cell towers in remote areas. Also found was unprotected internet traffic heading for in-flight Wi-Fi users aboard airliners, and unencrypted call audio from multiple VoIP providers.

According to the researchers, they were able to identify some observed satellite data as corresponding to T-Mobile cellular backhaul traffic. This included text and voice call contents, user internet traffic, and cellular network signaling protocols, all "in the clear," but T-Mobile quickly enabled encryption after learning about the problem.

More seriously, the team was able to observe unencrypted traffic for military systems including detailed tracking data for coastal vessel surveillance and operational data of a police force.

In addition, they found retail, financial, and banking companies all using unencrypted satellite communications to link their internal networks at various sites. The researchers were able to see unencrypted login credentials, corporate emails, inventory records, and information from ATM cash dispensers.

Reg readers will no doubt find this kind of negligence staggering after years of security breaches and warnings about locking down sensitive data. As the researchers note in their report: "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice; the severity of the vulnerabilities we discovered has certainly revised our own threat models for communications."

The team noted that the sheer level of unencrypted traffic observed results from a failure to encrypt at multiple levels of the communications protocol stack.

At the satellite link/transport layer, streams using MPEG encoding have the option to use MPEG scrambling. While TV transponders mostly do this, only 10 percent of the non-TV transponders did. Only 20 percent of transponders had encryption enabled for downlinks, and just 6 percent consistently used IPsec at the network layer.

The report notes that organizations with visibility into these networks have been raising alarms for some time. It cites a 2022 NSA security advisory about GEO satellite links that warns: "Most of these links are unencrypted, relying on frequency separation or predictable frequency hopping rather than encryption to separate communications."

The team states that it obtained clearance from legal counsel at their respective institutions for this research, and that it securely stored any unencrypted data collected from transmissions. It also claims that it made efforts to contact the relevant parties wherever possible to inform them of the security shortcomings.

A web page with greater detail of the research project can be accessed here.

Updated to add on October 15:

T-Mobile has been in touch with a statement since the publication of the story:

"T-Mobile immediately addressed a vendor's technical misconfiguration that affected a limited number of cell sites using geosynchronous satellite backhaul in remote, low-population areas, as identified in this research from 2024. This was not network-wide, is unrelated to our T-Satellite direct-to-cell offering, and we implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content.

"We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry."

Eavesdropping on Internal Networks via Unencrypted Satellites
https://satcom.sysnet.ucsd.edu/ [ucsd.edu]
https://archive.ph/kpA93 [archive.ph]

We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth.

