In a new study conducted recently, researchers have uncovered a significant vulnerability in geostationary (GEO) satellite communications. By pointing a commercial-off-the-shelf satellite dish at the sky, they carried out a comprehensive public investigation, revealing that a shocking amount of sensitive traffic is being transmitted unencrypted. This includes critical infrastructure communications, internal corporate and government messages, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. The data can be passively intercepted by anyone equipped with basic consumer-grade hardware costing just a few hundred dollars.
Exposed Network Traffic
The study highlighted several types of unsecured network traffic:
- Cellular Backhaul: Unencrypted data from telecom providers’ core networks to remote cell towers was found, containing calls, SMS, end-user Internet traffic, hardware identifiers such as IMSI, and cellular encryption keys.
- Military and Government: Researchers observed unencrypted VoIP and internet traffic, alongside encrypted internal communications from ships. Notably, unencrypted traffic related to military systems provided detailed tracking data for coastal vessel surveillance and police force operations.
- In-flight Wi-Fi: Passenger Internet traffic, including web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight information systems, and in-flight entertainment data were visible.
- VoIP: Multiple VoIP providers were using unencrypted satellite backhaul, exposing call audio and metadata from users.
- Internal Commercial Networks: Retail, financial, and banking companies transmitted unencrypted satellite communications, revealing login credentials, corporate emails, inventory records, and ATM networking information.
- Critical Infrastructure: Power utility companies and oil and gas pipelines utilized GEO satellite links for remotely operated SCADA systems and power grid repair tickets without encryption.
Findings and Recommendations
The researchers published a full technical paper titled “Don’t look up: There are sensitive internal links in the clear on GEO satellites” which will be presented at the 32nd ACM Conference on Computer and Communications Security (CCS ’25) in Taipei, Taiwan.
The issue of encryption in GEO satellite communications is not straightforward, as there is no single entity responsible for securing these transmissions. Upon discovering sensitive information, the researchers contacted the responsible parties to disclose the vulnerability. Some organizations, like T-Mobile and WalMart, have since verified the deployment of remedies.
For end users and organizations using satellite communications, the researchers recommend treating these links as unsecured and public wireless networks. They suggest encrypting all possible traffic using methods such as TLS for application traffic, IPsec or multipoint encrypted VPNs for network encryption, and utilizing encryption options provided by satellite communication vendors. The NSA’s VSAT recommendations from 2022 serve as a reference guide for securing these systems.
The Study
The study focused solely on GEO satellite systems, which are known for their reliability and compatibility with existing infrastructure. The researchers did not investigate Low Earth Orbit (LEO) systems like Starlink, which are believed to be encrypted but have not been independently verified.
Regarding the uplink, it is more focused and less accessible from a single vantage point compared to the downlink signal, which broadcasts over a wide geographic area. Therefore, the study was able to observe only one half of a given network connection from their location in San Diego, California.
Why Aren’t All GEO Satellite Links Encrypted?
There are several reasons for the lack of encryption:
- Encryption incurs overhead costs, reducing already limited bandwidth.
- Decryption hardware can exceed the power budget of remote, off-grid receivers.
- Additional license fees may be charged for enabling link-layer encryption.
- Encryption complicates troubleshooting and can impact emergency service reliability.
Some users intentionally opt out of encryption, while others may be unaware of the unencrypted nature of their communications or underestimate the risks involved.
Source: Satcom
