Researchers Uncover Massive Unencrypted Satellite Data Leaks: Calls, Texts, and Military Data Exposed
- Widespread exposure: Roughly half of geostationary satellite signals are unencrypted, exposing sensitive consumer, corporate, and government communications.
- Low-cost interception: Researchers successfully intercepted a vast array of private data, including military communications and cellular backhaul traffic.
- Significant risk: The findings suggest that hostile actors and intelligence agencies may be exploiting these vulnerabilities with ease.
Roughly half of all geostationary satellite signals are being transmitted without encryption, leading to significant satellite data leaks. Researchers from UC San Diego and the University of Maryland successfully intercepted a wide variety of sensitive information by using a simple satellite receiver system.
Scale of the Data Interception
A multi-year research project has revealed a troubling lack of basic security practices within the global satellite communications ecosystem. Researchers describe the underlying posture as security through obscurity: the assumption that no one would monitor these signals.
With just $800 in commercially available hardware, the research team intercepted unencrypted communications from a portion of the satellites visible from their location in Southern California.
The compromised information included:
- T-Mobile, AT&T Mexico, and Telmex customer calls and text messages sent via satellite backhaul
- Military communications revealing troop locations and movement data
- Critical infrastructure data from electric utilities and oil platforms
- Corporate records and emails, including ATM and financial transaction logs
- In-flight Wi-Fi traffic, exposing passenger metadata and messages
This demonstrates how low the barrier to entry is for intercepting such data. The team’s findings will be presented at a Taiwan Association for Computing Machinery conference.
Military and Government Data Exposure
Among the most critical findings was the exposure of sensitive government and military data. The team captured unencrypted communications from U.S. military sea vessels and detailed intelligence from Mexican military and law enforcement operations, including asset tracking for helicopters and armored vehicles.
Mexico’s state-owned electric utility, Comisión Federal de Electricidad (CFE), transmitted internal communications in plain text, and some U.S. industrial control systems were also found to send unencrypted operational data.
These cybersecurity risks are not theoretical; the study suggests that intelligence agencies worldwide are likely already exploiting these vulnerabilities.
While some affected companies, like Walmart, have since moved to encrypt their transmissions, the research indicates a systemic and ongoing security failure across the satellite industry.
In May, AT&T, T-Mobile, and Verizon were under scrutiny for failing to notify lawmakers of surveillance requests.




