It takes less than $1k to access unencrypted satellite data: study

Have you ever been tempted to spend less than $1,000 on satellite equipment—just so you can show how much sensitive data can be easily accessed?

Computer scientists from the University of California, San Diego, and the University of Maryland answered “yes” to that question. In a research paper published Oct. 13, they wrote that they can use satellites to access large amounts of sensitive and unencrypted traffic from a variety of sectors, including the telecommunication, retail, and even the military.

The setup. The researchers focused their study on geostationary (GEO) satellites, which orbit the Earth’s equator, receiving and amplifying signals from the ground. Hardware used to conduct the study included a Ku-Band satellite dish, a low-noise block downconverter to amplify weak signals, and a dish motor to enable automated movement for tracking purposes, among other materials. In total, the equipment ran the researchers just under $700, or roughly what you’d pay to rent a one-bedroom apartment in Wichita, Kansas.

With their makeshift setup, the researchers set up base on the roof of a university building in San Diego, where they performed a “broad scan of IP traffic on 39 GEO satellites

across 25 distinct longitudes.”

What they discovered. From these scans, researchers said they saw “unencrypted cellular backhaul traffic from multiple telecommunications providers,” including KPU Telecommunications and AT&T Mexico. While listening to a nine-hour recording of raw data streams, they added, they identified three satellite beams that carried unencrypted T-Mobile traffic, and observed close to 3,000 user phone numbers from metadata. Neither KPU, AT&T Mexico, nor T-Mobile responded to IT Brew’s request for comment on the findings.

Telecommunications providers weren’t the only ones with exposed traffic. Researchers also noted unencrypted traffic from US-owned sea vessels and organizations within the Mexican government.

On the corporation side, researchers identified unencrypted Walmart Mexico internal system traffic, which contained private data, including encrypted internal corporate emails, inventory records, and logins to the company’s inventory management system. Walmart Mexico did not respond to IT Brew’s request for comment by the time of publication.

In total, 50% of GEO links observed in the study contained cleartext IP traffic.

Well, that’s concerning! Researchers reached out to affected parties to disclose their findings from the study, and several remedies have been deployed to address vulnerabilities. Based on their findings, they concluded that there is a “clear mismatch” between satellite customers’s expectations of data security and the security that is actually in place.

“Cell phone traffic is carefully encrypted at the radio layer between phone and tower to protect it against local eavesdroppers,” the researchers wrote. “It is shocking to discover that these private conversations were then broadcast to large portions of the continent, and that these security issues were not limited to isolated mistakes.”

The researchers say there’s no way to determine if someone has set up a dish to secretly listen to traffic. However, end users can use a VPN to encrypt network traffic they generate, as well as end-to-end encrypted apps for voice and messaging communications. Organizations should treat their satellite communication links like “unsecured and public wireless networks,” according to the researchers, who also suggest companies should also practice strong encryption.

“Encryption should be used at every layer as defense-in-depth protection against individual failures,” the researchers said. “Treat encryption as mandatory, not an add‑on.”