This suggests that someone could set up similar devices elsewhere in the world and potentially obtain their own set of sensitive information. After all, the researchers limited their experiment to only off-the-shelf satellite hardware: a $185 satellite dish, a $140 ceiling mount with a $195 motor, and a $230 tuner card, for a total of less than $800.
“These were not NSA-level resources. These were DirecTV user-level resources. The barrier to entry for this type of attack is very low,” says Matt Blase, a computer scientist, cryptographer at Georgetown University and a Georgetown Law professor. “By the next week, we’ll have hundreds or maybe thousands of people, many of whom won’t tell us what they’re doing. They’ll just repeat that work and see what they can find up there in the sky.”
The researchers say one of the only obstacles to replicating their work is likely the hundreds of hours they spent on the surface adjusting their satellite. As for the in-depth, high-tech analysis of the mysterious data protocols they obtained, it may now be easier to replicate, too: The researchers are launching their own open source software tool for interpreting satellite data, also titled Don’t Look Up, on GitHub.
They acknowledge that the researchers’ work may enable others with less benevolent intentions to pull the same highly sensitive data from space. But they say it will also push more owners of satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we aim to find the unsafe and secure it, we feel good about that,” Shulman says.
They say there is no doubt that intelligence agencies with vastly superior satellite receivers have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in… Security Advisory 2022 About the lack of encryption for satellite communications. At the same time, they posit that the NSA — and every other intelligence agency from Russia to China — has set up satellite dishes around the world to exploit the same lack of protection. (The NSA did not respond to WIRED’s request for comment.)
“If they’re not already doing it, where’s my tax money going?” Nadia Henninger, a cryptography professor at UC San Diego who co-led the study, jokes.
Henninger compares what their study revealed – the sheer volume of unprotected satellite data available for collection – with some of the information that has been discovered. Edward Snowden That showed how the NSA and Britain British Government Communications Headquarters They were acquiring telecommunications and Internet data on a massive scale, often by covertly tapping directly into communications infrastructure.
“The threat model that everyone had in mind was that we need to encrypt everything, because there are governments exploiting undersea fiber-optic cables or forcing telecom companies to give them access to data,” Henninger says. “And now what we’re seeing is that same kind of data is being broadcast to a large part of the planet.”
https://media.wired.com/photos/68e961a8dc203222538eb046/191:100/w_1280,c_limit/security_satellites_leak_data.jpg
Source link