Redazione RHC : 14 October 2025 12:44
Satellite communications links used by government agencies, the military, businesses, and mobile operators have been discovered to be the source of a massive data leak.
Researchers at the University of California, San Diego, and the University of Maryland have found that about half of all geostationary satellites transmit information without any protection .
Over the course of three years, they intercepted signals using equipment costing no more than $800 and discovered thousands of phone conversations and text messages from T-Mobile users, data from the U.S. and Mexican military, and internal communications from energy and industrial companies.
Using a standard satellite dish on the roof of a university in La Jolla, the team pointed a receiver at several orbiting satellites and decoded the signals coming from within reach of Southern California.
They found that conversations between subscribers, in-flight Wi-Fi data, telemetry from military facilities, correspondence from employees of major retail chains, and banking transactions were being transmitted over the airwaves .
Among the researchers’ discoveries were messages from Mexican security forces’ communications systems, the coordinates of UH-60 Black Hawk aircraft and helicopters, and information on refueling platforms and power grids.
The researchers paid particular attention to unprotected lines of telecommunications operators. They intercepted the backhaul traffic ( service flows between remote base stations and the core network) of three companies: T-Mobile, AT&T Mexico, and Telmex. During nine hours of traffic recording, T-Mobile managed to collect the phone numbers of over 2,700 users and the content of their incoming calls and messages.
After notifying the operators, the American company quickly activated encryption, but many lines in Mexico remained open. AT&T confirmed that the data leak occurred due to a misconfiguration of satellite connections in several remote areas of the country.
Researchers also discovered a huge amount of military and industrial data. On the US side, unencrypted naval communications were recorded, including internet traffic with ship names.
Mexican units, however, transmitted unencrypted radio communications with command centers and maintenance information for aircraft and armored vehicles. The data stream also included internal documents from the state electricity grid, the CFE, containing information on faults, customer addresses, and safety reports.
In addition to military facilities and telecommunications operators, corporate systems were also at risk. Researchers recorded unencrypted packets from airline onboard networks using Intelsat and Panasonic equipment , which transmitted passenger navigation data, service metadata, and even audio streams from onboard transmissions. In some cases, internal emails from Walmart employees in Mexico, internal logs from Santander ATMs, and traffic from Banjercito and Banorte banks were discovered. After being notified, most organizations encrypted their transmission channels.
Experts estimate that the resulting data covers only about 15% of all operational satellite transponders, or the sector of the sky visible from California. This means that similar surveillance could easily be implemented anywhere in the world using the same equipment: a $185 antenna, a $140 motorized bracket, and a $230 TV tuner. Such an operation doesn’t require professional expertise or expensive equipment; it only requires household components and time to install.
The researchers acknowledged that openly publishing their tools, called “Don’t Look Up,” on GitHub could make it easier for attackers to collect such data, but it would also allow telecom operators and infrastructure owners to recognize the scope of the threat and urgently implement encryption.
According to experts, a significant portion of satellite communications is still protected by the “Don’t Look Up” principle, which already allows surveillance of confidential data streams from space, covering almost the entire planet.
Redazione