Satellites found exposing unencrypted data, including phone calls and some military comms

Security researchers from UC San Diego and the University of Maryland have uncovered that up to half of all geostationary satellites are transmitting sensitive consumer, corporate, and military data without encryption. Using an off-the-shelf satellite receiver over a three-year period, they intercepted unencrypted information including private phone calls, text messages, in-flight Wi-Fi internet traffic, and communications from critical infrastructure systems such as energy, water suppliers, and offshore oil and gas platforms. The researchers have spent the past year notifying affected organizations, prompting some, like T-Mobile and AT&T’s Mexican network, to begin encrypting their satellite transmissions. However, many entities, including certain critical infrastructure providers, have yet to secure their data, leaving substantial amounts of satellite communications vulnerable to eavesdropping for the foreseeable future. This ongoing exposure highlights significant security risks in satellite data transmission that require urgent attention.