A group of university researchers in the U.S. have spent the last several years pointing satellites above their Southern California campus, and they’ve discovered that most satellite communications are not private.
The team is using roughly U.S. $800 (C$1,124) of equipment to make this happen, and all of it was readily available to them, suggesting anyone could figure this out with enough knowledge. Using their homemade satillite interceptor the team has been able to pick up on regualar calls, messages, military chatter and much more.
Right now, they’re presenting their findings at the Computing Machinery Conference in Taiwan, but in a report on Wired, they did mention that they’ve been spending the last year notifying companies that this data is accessible, and a lot of them are now encrypting it.
It should also be noted that these researchers only focused on geostationary satellites, not the newer low-earth orbit versions being used for things like Starlink.
While this security issue has now come to light, a professor at Johns Hopkins University who peer-reviewed the paper worries that it will take years for the satellite industry to catch up and secure all its traffic. A lot of these systems are outdated and will take more work than others to secure as well.
On the telecom side, this paper discovered that T-Mobile traffic was flowing up to satellites, but only half the data was encrypted. If it had passed through a T-Mobile tower before being intercepted, it would be encrypted, but messages and calls made to the tower were vulnerable.
