Researchers Intercept Vast Amounts of Unencrypted Satellite Data With Consumer Equipment
Study Reveals Critical Infrastructure, Military and Commercial Communications Exposed Through Geostationary Satellites
A comprehensive security study exposed significant vulnerabilities in geostationary satellite communications, revealing that sensitive data from corporations, governments and millions of consumers can be intercepted using equipment costing just a few hundred dollars. The University of California, San Diego and University of Maryland research team observed 411 transponders across 39 geostationary satellites over a seven-month period, capturing unencrypted traffic that included cellular backhaul data, military communications, corporate networks and consumer internet activity.
Using a consumer-grade satellite dish, positioning motor and TV tuner card mounted on a San Diego university building roof, researchers passively monitored data broadcast from satellites fixed in position relative to Earth’s surface. Their single location provided access to internet protocol traffic from 14% of all global Ku-band satellites, with individual transponder signals visible across areas covering up to 40% of Earth’s surface.
The captured data revealed extensive security gaps. Cellular backhaul transmissions from T-Mobile and other telecom providers exposed unencrypted calls, text messages, subscriber internet traffic, hardware identifiers and even encryption keys for cell towers in remote areas. Military and government communications included unprotected voice-over-internet-protocol calls, vessel tracking data and police operations. In-flight Wi-Fi systems transmitted passenger web browsing unencrypted, while multiple voice-over-internet-protocol providers broadcast call audio without protection.
Commercial entities including Walmart and financial institutions transmitted internal network traffic without encryption, exposing login credentials, corporate emails, inventory records and ATM networking information. Critical infrastructure operators—power utilities and oil and gas pipeline companies—used unprotected satellite links for remotely operated supervisory control and data acquisition systems and repair communications.
The researchers, who published their findings Oct. 13 in the peer-reviewed Proceedings of the 32nd ACM Conference on Computer and Communications Security, contacted affected organizations throughout 2024 and early 2025. T-Mobile, Walmart and KPU implemented remediation measures that researchers independently verified through follow-up monitoring.
The study did not examine low Earth orbit systems like Starlink, which the researchers noted appear to use encrypted links, though that has not been independently verified. The team's passive observation approach required no hacking or interference with satellite operations; it simply received broadcast signals that anyone with similar equipment could intercept without detection.
Industry experts cite several barriers to universal satellite encryption: bandwidth overhead from encryption protocols, power limitations for off-grid receivers, vendor licensing fees for link-layer encryption and concerns about troubleshooting complexity. Some organizations may be unaware their satellite communications lack encryption or underestimate eavesdropping risks.
The researchers recommend treating satellite links like unsecured public wireless networks and implementing defense-in-depth encryption at multiple layers: Transport Layer Security for applications, Internet Protocol Security for networks and beam-level encryption from satellite providers. The National Security Agency published guidance in 2022 recommending very small aperture terminal encryption.
Organizations seeking assistance determining whether their networks were exposed can contact the research team. The study’s custom protocol-parsing code has been released as open-source software on GitHub.