Satellites found exposing unencrypted data

October 15, 2025

One of the largest security scandals of the decade may be unfolding this week, following the shocking discoveries published by researchers from the University of Maryland and the University of California, San Diego. The paper, entitled “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites,” covers a year-long study of network traffic from geosynchronous (GEO) satellites. These GEO networks are used for a wide variety of purposes, including satellite TV, in-flight Wi-Fi, cellular call and text traffic, and more sensitive data such as military asset tracking and retail inventory management. The researchers expected much of this data to be encrypted, given that open-source satellite tracking has been available to the public for many years and that significant resources have been poured into intercepting transmissions to pirate satellite TV signals. However, their survey of GEO network traffic, conducted using basic tools, revealed surprising findings: in their words, "a shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens' voice calls and SMS, and consumer internet traffic from in-flight Wi-Fi and mobile networks."

The researchers conducted the survey with tools that are publicly available, and therefore equally available to threat actors: a motorized satellite dish, a universal Ku-band downconverter, and a tuner card. The total cost was less than 600 USD, and all the parts were available on the open market. Using the free Easy BlindScan Pro software, the researchers swept the full Ku-band frequency range and automatically captured raw data using the tuner card. The researchers estimated that, from a single location, they received IP traffic with high signal quality and a low error rate from 14.3 percent of all global Ku-band satellites. They then developed a general GEO traffic parser with which they were able to decode IP packets from multiple different protocol stacks. This was what led to the discovery of unencrypted voice and SMS communication in the transmissions.

The discoveries underline how many users, both ordinary individuals and high-level corporate and military personnel, expect privacy where in fact none exists. The researchers have made it clear that threat actors who intended to do so would need only a relatively small investment of a few hundred dollars to intercept massive quantities of unencrypted private data. The researchers called on network providers to deliver more protective mechanisms, and at least one, T-Mobile, claims to have implemented nationwide SIP encryption for all customers to improve security. We can hope that other providers using GEO networks may follow suit in the future. The researchers will be presenting their paper this week at the Annual Computer Security Applications Conference, where we may receive further information on the issue.
