You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say

Data transmitted via satellite may not be as secure as previously thought.
A new study published on Monday found that communications from cellphone carriers, retailers, banks, and even militaries are being broadcast unencrypted through geostationary satellites.
Researchers from the University of California, San Diego (UCSD) and the University of Maryland scanned 39 of these satellites from a rooftop in Southern California over three years. They found that roughly half of the signals they analyzed were transmitting unencrypted data, potentially exposing everything from phone calls and military logistics to a retail chain’s inventory.
“There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice,” the researchers wrote in their paper titled “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites.” The findings are also being presented this week at an Association for Computing Machinery conference in Taiwan. The paper’s title is a clear reference to the 2021 Netflix movie, used in this case as a metaphor for the satellites’ lack of security.
“They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Aaron Schulman, a UCSD professor and co-lead of the study, told Wired. “They just really didn’t think anyone would look up.”
Even more surprisingly, the researchers didn’t need any fancy spy gear to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. Altogether, the system cost roughly $750 and was installed on a university building in La Jolla, San Diego.
What the researchers found
With their simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained U.S. and Mexican military and law enforcement communications, as well as ATM transactions and corporate communications.
Some of the affected organizations included Walmart-Mexico, Santander Mexico, and Banjercito, the researchers said.
When it came to telecoms, specifically, the team collected phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex. According to the researchers, these signals were exposed because telecom companies often rely on satellites to provide coverage to customers in remote areas. For instance, remote towers in desert regions of the U.S. connect to a satellite, which then relays signals to the carrier’s core network. This extra internal step is known as backhaul traffic and was found unencrypted in some cases by the team. It only took the team nine hours to collect the phone numbers of over 2,700 T-Mobile users, along with some of their calls and text messages.
“T-Mobile immediately addressed a vendor’s technical misconfiguration that affected a limited number of cell sites using geosynchronous satellite backhaul in remote, low-population areas, as identified in this research from 2024,” T-Mobile said in an emailed statement to Gizmodo. “This was not network-wide, is unrelated to our T-Satellite direct-to-cell offering, and we implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content. We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry.”
Additionally, the team obtained unencrypted internet communications from U.S. military sea vessels and even communications regarding narcotics trafficking from Mexican military and law enforcement.
The team said it has notified all affected parties about the security flaws, and several have already confirmed that they have deployed a fix. With permission, the researchers re-scanned the networks and verified that fixes had been implemented for T-Mobile and Walmart.
The researchers pointed to several reasons for the unencrypted signals, including economic incentives. While encrypting data can be an extra cost, it’s worth it for some companies when the economics are clear, like satellite TV providers protecting themselves from piracy. But for other organizations, encryption can reduce efficiency and impact service reliability. Other times, encryption can simply be turned off by mistake, but the overall system keeps working without indicating that the data is no longer protected.