Don’t Look Up: Those Satellites Are Leaking

“To have good data, we need good satellites.”  - Jeff Goodell

​Sigh. As if we didn’t have enough to worry about already. While privacy experts were focusing on the security of undersea fiberoptic cables, government surveillance, and corporate subterfuge, our data is being broadcast unencrypted all around the Earth by satellites.

Satellites are leaky – and it isn’t fuel they’re off-gassing; it’s our personal information. “These signals are just being broadcast to over 40 percent of the Earth at any point in time,” researchers told Wired’s Andy Greenberg and Matt Burgess.

A few years ago, those researchers (at UC San Diego and the University of Maryland) followed up on a whim: Could we eavesdrop on what satellites are broadcasting? The answer was a big fat “yes” – and it took only about $800 in equipment. Their complete findings are detailed in a newly released study. They had assumed, or at least hoped, to find very little – that almost every signal would be protected by encryption – the ne plus ultra of privacy protection.

Instead, among the many things they found floating in the ether were:
​

• Miscellaneous corporate and consumer data (such as phone numbers)
• Actual voice calls
• Text messages
• Industrial communications
• Decryption keys
• Even in-flight Wi-Fi data for systems used by 10 different airlines (including users’ in-flight browsing activities).

Researchers also “pulled down a significant collection of unprotected military and law enforcement communications,” including information about some U.S. sea vessels.

The Wired article’s authors are quick to note that the National Security Agency warned about the security of satellite communications more than three years ago.

Will the publication of such research encourage bad actors to take advantage of these weaknesses?

In the short term, perhaps, but the study’s authors are hopeful that various companies will respond like T-Mobile did and immediately get their encryption house in order (a spokesperson noted the issue was not network-wide). Another affected company, Santander Mexico, responded: “We took the report as an opportunity for improvement, implementing measures that reinforce the confidentiality of technical traffic circulating through these links.” (It should be noted that the affected organizations were notified many months prior to the study’s release.)

In the meantime, let’s hope most hackers haven’t renewed their Wired subscriptions.
​
After all, the scale of the problem is enormous. A Johns Hopkins expert told the magazine: “The implications of this aren't just that some poor guy in the desert is using his cell phone tower with an unencrypted backhaul. You could potentially turn this into an attack on anybody, anywhere in the country.”

DONATE & HELP US DEFEND YOUR FOURTH AMENDMENT RIGHTS