A research paper being presented this week at the Annual Computer Security Applications Conference reveals that satellite internet services, including T-Mobile's, used unencrypted transmissions that could be intercepted with about $800 worth of gear.
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
As first reported in Wired, research from scientists at the University of Maryland and the University of California, San Diego, found that users' calls and texts, as well as potentially sensitive data from military and corporate transmissions, could be accessed. (The full PDF research paper, titled "Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites," can be found online.)
According to the Wired report and the research paper, some providers, including T-Mobile, made changes to address the vulnerability. Other unnamed providers have yet to fix the problem. The researchers declined to name them and said in the article that they've spent the past year warning satellite operators about the dangers of transmitting unencrypted data.
In a summary of the research paper, the scientists said they pointed a commercial-off-the-shelf satellite dish at the sky and conducted "the most comprehensive public study to date of geostationary satellite communication."
The scientists underlined that "a shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens' voice calls and SMS, and consumer internet traffic from in-flight Wi-Fi and mobile networks."
In an email to CNET, a spokesperson for T-Mobile said that only about 50 cell sites from a vendor were subject to the vulnerability out of about 82,715 sites across its network. The spokesperson said a technical misconfiguration identified by the research affected "remote, low-population areas" and was not a network-side issue.
The spokesperson also said, "We implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call setup, numbers dialed and text message content."
How to stay safe using satellite networks
Some customers might believe there's an expectation of encryption, or some basic privacy when using satellite networks for phone calls, texting or even seemingly innocuous activities like GPS tracking while hiking. But it's smart to assume the opposite.
... continue reading