you Only Need $750 to Expose Sensitive Data Via Satellite
A recent study has revealed a surprising vulnerability in global communications: sensitive, unencrypted data is being broadcast through geostationary satellites. Researchers from the university of California,San Diego (UCSD) and the University of Maryland demonstrated that this exposure isn’t reliant on sophisticated espionage technology,but can be achieved with readily available,off-the-shelf equipment costing approximately $750.
Over three years, the team scanned 39 satellites from a rooftop in Southern California. Their setup included a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, installed on a university building in La Jolla, San Diego.The analysis revealed that roughly half of the signals examined were transmitting data without encryption.
The exposed data encompassed a wide range of communications, including phone calls, text messages, in-flight Wi-Fi data, signals from electric utilities, and even sensitive information from U.S. and Mexican military and law enforcement agencies. Specifically, the researchers intercepted phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex, collecting data on over 2,700 T-Mobile users in just nine hours. ATM transactions and corporate communications were also captured.
The study, titled “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites,” highlights a critical disconnect between expectations of data security and actual security practices.According to UCSD professor and co-lead researcher Aaron Schulman, many organizations operated under the assumption that their satellite communications wouldn’t be actively monitored.
Following the discovery of vulnerabilities, the research team proactively contacted responsible parties to disclose the issues. T-Mobile attributed the lack of encryption to “a vendor’s technical misconfiguration” affecting “a limited number of cell sites,” and stated they implemented nationwide Session Initiation Protocol (SIP) encryption to protect signaling traffic. The researchers verified remedies were deployed by T-mobile, Walmart, and KPU after re-scanning.
The researchers noted that the exposure was limited to a relatively small number of cell towers in specific remote areas. however, the study underscores a significant security risk and demonstrates how easily sensitive information can be intercepted with minimal resources.
