A security blind spot has been revealed in the skies above us. A team of researchers has discovered that a surprising amount of data transmitted to orbiting satellites is unencrypted, potentially paving the way for eavesdropping on communications from mobile carriers, as well as military and government users.
The issue doesn’t affect SpaceX's Starlink. It affects data sent to higher-orbiting geostationary satellites, which can also provide communications to mobile carriers, commercial buildings, and government users in remote and rural areas. A team from the University of California, San Diego, and the University of Maryland investigated whether such satellite signals were encrypted, as the same signals can be easily intercepted over the air using consumer-grade dish equipment costing around $800.
It turns out that a large swath of geostationary satellite data is unencrypted over North America, the researchers wrote in a paper published on Monday. “We found 50% of GEO links contained cleartext IP traffic... The severity of our findings suggests that these organizations do not routinely monitor the security of their own satellite communication links.”
The results also shocked the team of researchers, according to Wired, which noted the surveillance gap is so glaring that it’s possible foreign intelligence agencies or other bad actors might be exploiting the unencrypted satellite data for spying.
Researchers monitored radio signals to 39 geostationary satellites from “a single vantage point” in La Jolla, California, using a standard satellite dish. They saw “unencrypted cellular backhaul traffic from several providers, including cleartext call and text contents, job scheduling, and industrial control systems for utility infrastructure, military asset tracking, inventory management for global retail stores, and in-flight Wi-Fi.”
The researchers traced the exposed satellite signals to companies such as T-Mobile, noting the recovered data included user SMS and voice call contents, user internet traffic, and cellular network signaling protocols. “From a 9-hour recording, we observed 2,711 users’ phone numbers from metadata associated with voice calls and messages,” the paper adds.
In T-Mobile's case, the carrier was likely using the geostationary satellites as "backhaul" for cell towers based in remote areas.
In another alarming find, the team was able to collect unencrypted satellite data “from sea vessels owned by the US military,” along with traffic from multiple organizations within the Mexican government and military, including personnel records, narcotics activity, and military asset tracking. Other unencrypted satellite traffic was traced to “Walmart-Mexico” and “AT&T Mexico.”
The good news is that most of the affected parties, including T-Mobile and AT&T, have resolved the issue by implementing encryption. T-Mobile also told us the scale of the issue was small. "This is not network-wide – it was less than 0.10% of sites, all in very isolated, low-population areas and carry low traffic. We worked with the vendor to quickly solve the misconfiguration, and we implemented SIP encryption," the carrier said.
But others have yet to roll out a fix, despite warnings from the researchers, Wired reports.
Other researchers have also examined intercepting satellite traffic, but low signal quality has been a barrier, which may have mitigated the threat to some extent in the past. The team behind the new paper overcame this problem by developing a method that can “accurately gather raw data from hundreds of transponders” on board orbiting satellites. The team has since released its method on GitHub to push more satellite owners to encrypt their data.
Their paper adds: “The vulnerability that we found does not affect T-Mobile’s new Low-Earth Orbit Starlink deployment,” also known as T-Satellite. SpaceX says it uses the “ISO/IEC 27001” framework for data security, which includes using cryptography to protect data in transit.


