The Sky Is Full of Secrets as Researchers Uncover Alarming Flaws in Satellite Communications

ByEduTalkToday Editors Updated:
The Sky Is Full of Secrets as Researchers Uncover Alarming Flaws in Satellite Communications
From left: Annie Dai, Aaron Schulman, Keegan Ryan, Nadia Heninger, and Monty Zhang. Zhang, Schulman, Ryan, and Heninger are from UC San Diego; Dai and collaborator Dave Levin (not pictured) are from the University of Maryland. Credit: University of California San Diego

A team of computer scientists from the United States has uncovered a deeply troubling reality about how much of the world’s satellite communication is protected. The short answer: far less than most people, companies, and governments assume. With nothing more than $800 worth of off-the-shelf equipment, freely available software, and months of careful analysis, researchers demonstrated that vast amounts of sensitive satellite data are being transmitted without encryption, openly broadcast across enormous regions of the Earth.

The study was led by researchers from the University of California, San Diego (UC San Diego) and the University of Maryland, with Aaron Schulman and Nadia Heninger of UC San Diego playing central roles. Their focus was on geostationary (GEO) satellites, a class of satellites that orbit Earth at a fixed position above the equator, allowing them to continuously cover the same geographic area.

What they found was shocking even to seasoned security experts.

A Large Portion of Satellite Traffic Is Wide Open

After months of monitoring, the researchers determined that close to half of the satellite communications they were able to intercept were not encrypted at all. This was not harmless or low-value data. Instead, it included cell phone text messages, voice calls, internet traffic, and even sensitive military and government information.

Because GEO satellites broadcast signals over extremely wide footprints—sometimes covering entire continents—anyone with the right equipment and a clear view of the sky could theoretically listen in. The team emphasized that this kind of interception does not require advanced hacking skills or specialized government tools. It relies on commercial satellite dishes, publicly documented satellite coordinates, and free decoding software.

The implications are enormous. While much effort has gone into encrypting web traffic on fiber-optic networks over the past two decades, satellite links appear to have been largely overlooked.

How the Researchers Carried Out the Study

To conduct their research, the team installed a large satellite dish on the roof of the UC San Diego Jacobs School of Engineering. From that single location, they monitored satellite transmissions for seven months.

Out of approximately 590 geosynchronous satellites orbiting Earth, the researchers successfully intercepted communications from 39 satellites, representing about 15% of all GEO satellites. Their reach was limited only by line-of-sight and alignment precision, not by any technical restriction imposed by satellite operators.

They also developed and released new software tools that automate the process of scanning satellite frequencies and decoding signals, contributing these tools to the broader research community through GitHub.

The Dangerous Gap Between Expectations and Reality

One of the most important conclusions of the study is that many organizations incorrectly assume satellite links are part of their secure internal networks. In practice, satellite communications are broadcast into space and back down over massive areas, making them fundamentally different from private terrestrial links.

The researchers observed a clear mismatch between how satellite customers believe their data is protected and how it is actually transmitted. In many cases, encryption was either missing entirely or applied inconsistently across different layers of communication.

Exposed Communications in Aviation

Among the most striking findings was the exposure of in-flight Wi-Fi and entertainment data. The team intercepted satellite traffic from companies such as Intelsat and Panasonic, both major providers of aviation connectivity.

From this data, they were able to determine which airlines and specific flights the traffic originated from. They also observed metadata revealing which websites passengers were visiting during flights. In some cases, researchers could even reconstruct audio from news programs, sports broadcasts, and other in-flight entertainment.

While this may sound like a privacy issue limited to passengers, it also highlights broader weaknesses in aviation communications infrastructure.

Cell Phone Calls and Texts Were Also Vulnerable

Satellite-linked cellular traffic turned out to be another major weak point. In remote areas, cell towers often route calls and texts through satellites before delivering them to telecom providers.

Normally, cell phone communications are encrypted between the phone and the cell tower, and again between towers. However, when a call is routed via satellite, those encryption layers can be stripped away. If the satellite link itself is not encrypted, the content becomes exposed.

This is exactly what the researchers observed with certain T-Mobile satellite links, where text messages, voice calls, and user internet traffic were transmitted without sufficient protection. After being informed, T-Mobile acted quickly and enabled encryption to close the vulnerability.

End-to-end encrypted apps such as Signal or encrypted iPhone-to-iPhone calls remain safe because they encrypt data at the application layer, which survives satellite transmission. Standard cellular calls and SMS messages, however, do not always have this protection.

Military, Government, and Corporate Data at Risk

The study revealed that sensitive communications were not limited to consumers. Researchers observed unencrypted traffic from U.S. military vessels, including vessel names and mixed encrypted and unencrypted data streams.

Even more concerning were findings related to Mexican government and commercial networks. Because many of the satellites accessible from Southern California serve Mexico, a significant portion of exposed data originated there.

Researchers identified unencrypted satellite traffic from Mexican military, law enforcement, and government agencies, including:

  • Aircraft and ship locations
  • Repair and maintenance schedules
  • Law enforcement personnel records

Two Mexican telecommunications companies, TelMex and WiBo, were especially vulnerable. Their satellite traffic exposed phone numbers, call metadata, full voice call audio, and details about smartphone app usage, including access to TikTok, Apple iCloud, and Samsung app services.

Corporate Networks Were Not Safe Either

Corporate data was also found traveling in the clear. For example, satellite traffic linked to Walmart Mexico included internal corporate emails, sales data, and other sensitive internal network information.

According to the researchers, the sheer volume and sensitivity of the exposed data suggests that many organizations do not routinely monitor or audit the security of their satellite communication links.

Why GEO Satellites Are Especially Risky

Geostationary satellites are inherently vulnerable because of their design. Since they remain fixed over one point on Earth, they continuously broadcast to the same large area. This makes them easy targets for passive eavesdropping, which is extremely difficult to detect.

A thriving online community already exists around satellite signal interception, complete with public databases of satellite frequencies and transponder details. The researchers’ work shows that malicious actors could exploit the same tools and techniques.

What Happens Next

Following responsible disclosure, several organizations—including T-Mobile, Walmart, and KPU Telecom—took steps to encrypt their satellite traffic. However, the researchers believe many vulnerabilities still exist.

They plan to expand their work by studying other types of satellites and potentially placing antennas in different regions of the United States to capture a broader range of signals.

Why This Research Matters

This study makes one thing clear: satellite communications should never be assumed secure by default. As more critical infrastructure, remote operations, aviation services, and telecommunications rely on satellites, proper encryption becomes not just a best practice, but a necessity.

The sky may look empty, but as this research shows, it is full of secrets—many of them far too easy to uncover.

Research paper:
Zhang, Wenyi Morty et al. Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites. Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (CCS 2025).
https://satcom.sysnet.ucsd.edu/docs/do_not_look_up_ccs25_fullpaper.pdf

Also Read

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments