Data transmitted via satellite may not be as secure as previously thought.
A new study published on Monday found that communications from cellphone carriers, retailers, banks, and even militaries are being broadcast unencrypted through geostationary satellites.
Researchers from the University of California, San Diego (UCSD) and the University of Maryland scanned 39 of these satellites from a rooftop in Southern California over three years. They found that roughly half of the signals they analyzed were transmitting unencrypted data, potentially exposing everything from phone calls and military logistics to a retail chain’s inventory.
“There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice,” the researchers wrote in their paper titled “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites.” The findings are also being presented this week at an Association for Computing Machinery conference in Taiwan. The paper’s title is a clear reference to the 2021 Netflix movie, used in this case as a metaphor for the satellites’ lack of security.
“They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Aaron Schulman, a UCSD professor and co-lead of the study, told Wired. “They just really didn’t think anyone would look up.”
Even more surprisingly, the researchers didn’t need any fancy spy gear to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. Altogether, the system cost roughly $750 and was installed on a university building in La Jolla, San Diego.
What the researchers found
With their simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained U.S. and Mexican military and law enforcement communications, as well as ATM transactions and corporate communications.
Some of the affected organizations included Walmart-Mexico, Santander Mexico, and Banjercito, the researchers said.
When it came to telecoms, specifically, the team collected phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex. According to the researchers, these signals were exposed because telecom companies often rely on satellites to provide coverage to customers in remote areas. For instance, remote towers in desert regions of the U.S. connect to a satellite, which then relays signals to the carrier’s core network. This extra internal step is known as backhaul traffic and was found unencrypted in some cases by the team. It only took the team nine hours to collect the phone numbers of over 2,700 T-Mobile users, along with some of their calls and text messages.
... continue reading