Shockingly large amounts of private communication – including voice calls, text messages, and sensitive corporate and government data – are being transmitted over satellite links without any encryption, exposing millions of users to potential interception. Researchers made this grim discovery while examining internet traffic routed through geostationary satellites visible from Southern California.
Their experiment, using a modest commercial satellite dish mounted on a university campus, revealed an alarming reality: sensitive information intended for critical infrastructure providers, governments, corporations, and even everyday citizens was being broadcast in the clear – essentially, like sending a postcard instead of a sealed letter. This means anyone with a few hundred dollars worth of readily available equipment could eavesdrop.
“A shockingly large amount of sensitive traffic is being broadcast unencrypted,” the researchers stated, highlighting the vulnerability of voice calls, text messages, internal corporate and government communications, and even consumer internet traffic from in-flight Wi-Fi and mobile networks.
The culprits aren’t malicious hackers but outdated technology. Geostationary satellites, used extensively for military and civilian communication due to their ability to provide continuous coverage over large areas, are primarily based on older systems that haven’t kept pace with modern encryption standards.
“These geostationary satellites are a somewhat older technology,” explained Dave Levin, an associate professor at the University of Maryland who led the research. “We thought we would try to listen and break the cryptography, but it turned out we didn’t have to because no cryptography was used.”
The study focused on roughly 15% of the global geostationary satellite fleet, prompting concerns that the widespread lack of encryption is even more pervasive than researchers initially realized. Among the intercepted communications were transmissions from Mexican military and police forces, as well as some U.S. government agencies.
Beyond mere interception, this vulnerability poses a significant threat to security. Attackers could potentially intercept two-factor authentication codes used for system logins, or actively inject malicious messages into communication streams, disrupting critical infrastructure or sowing chaos within organizations.
While the researchers haven’t publicly named all affected companies – they are adhering to responsible disclosure practices to allow time for mitigation – they emphasize that millions of users are unknowingly vulnerable. The sheer volume of unencrypted data is staggering; even a brief investigation yielded an overwhelming amount of intercepted communications, hinting at the treasure trove available to determined attackers with more sophisticated setups.
The discovery highlights the urgent need for satellite operators and companies utilizing these links to prioritize encryption and ensure their sensitive data isn’t broadcast openly into cyberspace.
