Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are transmitting unencrypted sensitive information. This data includes private consumer, corporate, and military communications, making it wide open to eavesdropping.
The researchers from UC San Diego and the University of Maryland conducted a three-year study using an off-the-shelf satellite receiver that cost only eight hundred dollars. By pointing this equipment at the sky, they found reams of unencrypted data beaming to and from space. This data included people’s private voice calls and text messages, as well as consumer internet traffic from in-flight Wi-Fi services.
The unencrypted data also contained communications for critical infrastructure systems. This involved information from energy and water suppliers and off-shore oil and gas platforms. The researchers spent the past year alerting the affected organizations about the exposure. Companies like T-Mobile and AT&T’s network in Mexico began encrypting their data soon after being notified to prevent future eavesdropping.
However, the researchers warn that not every organization has fixed the problem. Some critical infrastructure providers have not yet remediated their own exposed data. They also caution that large amounts of satellite data will likely remain exposed for many years to come.