Satellite Communication Has No Encryption: Anyone Can Intercept Messages, Calls, and Traffic
Researchers from UC San Diego and the University of Maryland have demonstrated how to intercept sensitive satellite data, including military communications, using just $800 worth of equipment. The surprising vulnerability? Much of this data is transmitted completely unencrypted.
A Treasure Trove of Unencrypted Data
Operating from a university rooftop in San Diego, the team pointed their antenna at various geostationary satellites and monitored their signals for months. They successfully collected a vast amount of confidential information, including:
- Text messages and phone call records.
- In-flight Wi-Fi browsing history from airline passengers.
- Communications from critical infrastructure, such as power plants and offshore oil rigs.
- Correspondence between U.S. and Mexican military and law enforcement, which revealed the locations of personnel and equipment.
They assumed that nobody would ever check and scan all these satellites and figure out what’s on them. That was their security model. They just didn't think anybody would do it.
Disclosure and Global Implications
After uncovering the vulnerability, the team notified all affected companies and government agencies. While some, like T-Mobile and AT&T Mexico, quickly implemented encryption, many others have yet to act. Given the limited geographic scope of this single, low-cost receiver, the findings suggest the true scale of this global security issue could be staggering.