Researchers say you only need $750 worth of equipment to steal data from satellites

Data transmitted via satellite may not be as secure as previously thought.

new He studies A study published Monday found that communications from mobile phone companies, retailers, banks and even militaries are being broadcast unencrypted through geostationary satellites.

Researchers from the University of California, San Diego (UCSD) and the University of Maryland surveyed 39 of these satellites from a rooftop in Southern California over a period of three years. They found that nearly half of the signals they analyzed were transmitting unencrypted data, potentially revealing everything from phone calls and military logistics to a retail chain’s inventory.

“There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice,” the researchers wrote in their paper. paper Titled “Don’t Look Up: There Are Sensitive Internal Links in the Clear Zone on Geostationary Satellites.” The results will also be presented this week at the Association for Computing Machinery conference in Taiwan. The title of the paper is an obvious reference to the 2021 Netflix film, which in this case is used as a metaphor for satellites’ lack of security.

“They assumed that no one would ever look and scan all these satellites and see what was out there,” said Aaron Shulman, a professor at the University of California San Diego and co-leader of the study. “That was their security method.” Wired. “They really didn’t think anyone would look for them.”

What’s even more surprising is that the researchers didn’t need any fancy spying equipment to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof rack with a $195 motor, and a $230 tuner card. In all, the system cost about $750 and was installed in a university building in La Jolla, San Diego.

What the researchers found

With a simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained military and law enforcement communications in the United States and Mexico, as well as ATM transactions and corporate communications.

Some of the affected organizations include Walmart-Mexico, Santander Mexico and Banjercito, researchers said.

When it came to communications, specifically, the team collected phone numbers, calls, and text messages from T-Mobile, AT&T Mexico, and Telmex customers. According to the researchers, these signals were detected because telecommunications companies often rely on satellites to provide coverage to customers in remote areas. For example, remote towers in desert areas in the United States connect to a satellite, which then transmits signals to the carrier’s backbone network. This extra internal step is known as backhaul traffic and the team has found that it is unencrypted in some cases. It took the team just nine hours to collect the phone numbers of more than 2,700 T-Mobile users, as well as some of their calls and texts.

In addition, the team obtained unencrypted Internet communications from U.S. military naval vessels and even drug trafficking communications from the Mexican military and law enforcement.

The team said it has notified all affected parties of the security flaws, and several have already confirmed they have deployed the fix. After obtaining permission, researchers re-examined the networks and verified that fixes had been implemented on T-Mobile and Walmart.

The researchers pointed to several reasons for the unencrypted signals, including economic incentives. While data encryption can be an additional cost, it is worth it for some companies when the economics are clear, such as satellite TV providers protecting themselves from piracy. But for other organizations, encryption can reduce efficiency and affect service reliability. Other times, encryption can simply be stopped accidentally, but the entire system continues to function without indicating that the data is no longer protected.