Researchers Uncover Unsecured Satellite Data Exposing Sensitive Communications

A team of researchers from UC San Diego and the University of Maryland has revealed alarming findings regarding unsecured satellite communications. Over a three-year period, they successfully intercepted sensitive information transmitted via geostationary satellites using a basic receiver system, uncovering private calls, text messages, and even military communications.

The researchers utilized off-the-shelf equipment, including a $180 satellite dish, a $195 motor system, and a $230 tuner card. Professor Aaron Schulman of UC San Diego expressed his surprise at the results, stating, “There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted. And just time and time again, every time we found something new, it wasn’t.”

Their efforts detected unsecured communications from various sources, including the T-Mobile cellular network, utility infrastructures, in-flight Wi-Fi services, and even military and law enforcement channels. The ease of access to such sensitive information raised serious concerns about security protocols across the satellite communication sector.

Serious Security Oversights

The researchers were able to intercept data from approximately 15% of operational satellites, revealing numerous unencrypted communications that suggest a broader issue within the satellite communication ecosystem. During a nine-hour recording session, they accessed phone numbers, calls, and text messages from over 2,700 users. Importantly, the data intercepted was one-sided, meaning they captured information being sent to users, not from their devices.

Co-leader of the study, Professor Dave Levin, questioned the legality of their findings, asking, “Did we just commit a felony? Did we just wiretap?” Despite their passive listening methods, the capability of accessing such vast amounts of data with minimal equipment was troubling.

Remarkably, the team also intercepted unencrypted internet communications from U.S. military vessels, identifying vessel names and operational details. More concerning were the details gleaned from Mexican military communications, which included intelligence on narcotics tracking and military asset maintenance records.

Response from Affected Entities

Following the study’s findings, the research team notified various companies and agencies about the unencrypted information, with mixed responses. While organizations like T-Mobile, Walmart, and KPU have since implemented some form of encryption, other unidentified parties continue to transmit data without adequate security measures.

The researchers highlighted the ease of access to the intercepted data, noting that their relatively low-cost equipment was sufficient to reveal substantial amounts of sensitive information. “These signals are just being broadcast to over 40% of the Earth at any point in time,” Levin stated.

Despite the potential for misuse, the researchers maintain that their work aims to identify vulnerabilities and promote security enhancements in satellite communications. Schulman emphasized, “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it.”

This study serves as a wake-up call for satellite communication providers, urging them to tighten security protocols to protect sensitive information from being easily accessed by unauthorized individuals.