“We were shocked:” Gear ordered online can intercept secret satellite data
Just $800 worth of off-the-shelf equipment can intercept military communication on satellites, new research has found.
A new study by researchers at the University of California, San Diego (UCSD) and the University of Maryland (UMD) has revealed a staggering global security gap.
Researchers revealed that roughly half of all satellite communications are broadcast completely unencrypted, exposing everything from airline WiFi sessions to military chatter. Even more troublesome is that the research team did it all using less than $800 worth of off-the-shelf equipment.
The researchers cobbled together a satellite receiver system using gear that anyone can buy online from the roof of a UCSD building in San Diego. This included a $185 dish, a $140 roof mount, a $195 motor, and a $230 tuner card.
They pointed the dish toward geostationary satellites orbiting tens of thousands of miles above Earth and, almost immediately, began intercepting private data flowing freely through space.
“We were shocked,”
said Aaron Schulman, a UCSD computer science professor and co-lead author of the study.
“Some critical pieces of our infrastructure rely on this satellite ecosystem, and our expectation was that it would all be encrypted. And just time and time again, every time we found something new, it wasn’t.”
The weak link lies in how telecom providers connect remote cell towers to their networks. Towers in deserts, mountains, or offshore areas beam traffic through satellites instead of fiber, and that data can often be intercepted by anyone within the satellite’s coverage area, which can stretch over 40% of the Earth’s surface.
Have thoughts about this topic? Others do, too. Join them in the discussion.
Over three years, the researchers collected a trove of unprotected communications, including calls and texts from Americans on T-Mobile’s network, AT&T Mexico, and Telmex, in-flight WiFi browsing data from airline passengers, internal messages from power utilities and oil platforms, and even transmissions from US and Mexican military systems.
Among the exposed signals were US Navy ship identifiers and internet traffic, as well as Mexican military intelligence reports, aircraft maintenance logs, and real-time troop location data.
They also detected unprotected communications from Mexico’s national power company, the Comisión Federal de Electricidad (CFE), which serves around 50 million customers.
The transmissions included customer details, work orders, and safety reports. Some US industrial control systems were also found to be sending unencrypted operational data over satellites.
The researchers are not optimistic.
“It’s crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Matt Green, a computer science professor at Johns Hopkins University who reviewed the study, told Wired.
“This paper will fix a small part of the problem, but I don’t think much will change.”
Unlock more exclusive Cybernews content on YouTube.
