
Roughly half of all geostationary satellite signals are being transmitted without encryption, leading to significant satellite data leaks. Researchers from UC San Diego and the University of Maryland successfully intercepted a wide variety of sensitive information by using a simple satellite receiver system.Â
A multi-year research project has revealed a troubling lack of basic security practices within the global satellite communications ecosystem, a vulnerability researchers describe as security through obscurity, assuming no one would monitor these signals.
With just $800 in commercially available hardware, the research team intercepted unencrypted communications from a portion of satellites visible from their location in Southern California.Â
The compromised information included:
This demonstrates that a low barrier to entry exists for intercepting such data. The team’s findings will be presented at a Taiwan Association for Computing Machinery conference.
Among the most critical findings was the exposure of sensitive government and military data. The team captured unencrypted communications from U.S. military sea vessels and detailed intelligence from Mexican military and law enforcement operations, including asset tracking for helicopters and armored vehicles.Â
Mexico’s state-owned electric utility, Comisión Federal de Electricidad (CFE), transmitted internal communications in plain text, and some U.S. industrial control systems were also found to send unencrypted operational data.
These cybersecurity risks are not theoretical; the study suggests that intelligence agencies worldwide are likely already exploiting these vulnerabilities.Â
While some affected companies, like Walmart, have since moved to encrypt their transmissions, the research indicates a systemic and ongoing security failure across the satellite industry.
In May, AT&T, T-Mobile, and Verizon were under scrutiny for failing to notify lawmakers of surveillance requests.