Eavesdropping on Internal Networks via Unencrypted Satellites
6 months ago
- #encryption
- #satellite security
- #data privacy
- A study revealed that a significant amount of sensitive traffic is being broadcast unencrypted via geostationary satellites, including critical infrastructure, corporate, government, and personal communications.
- Exposed data includes unencrypted calls, SMS, internet traffic, hardware IDs, encryption keys, military and government communications, in-flight Wi-Fi traffic, VoIP calls, and internal commercial networks.
- The research was conducted using consumer-grade satellite equipment, capturing data from 411 transponders across 39 GEO satellites, with a single dish able to receive IP traffic from 14% of global Ku-band satellites.
- Reasons for lack of encryption include additional costs, bandwidth overhead, power constraints, and troubleshooting difficulties, with some vendors transitioning to encrypted links.
- End users are advised to use VPNs and end-to-end encrypted apps like Signal, while organizations should treat satellite links as unsecured public networks and implement encryption at every layer.
- The study was fully passive and legal, with efforts made to disclose vulnerabilities to affected parties, some of whom have remediated the issues (e.g., T-Mobile, WalMart, KPU).
- The research highlights a significant security oversight in satellite communications, with widespread implications for privacy and security across various sectors.