The skies above us are teeming with satellites. The latest figures estimate there are over 12,000 satellites currently active, with thousands more defunct craft left to decay in orbit. All that activity has caused numerous complications for astronomers and researchers alike, interfering with radio telescopes with “unintended” radiation leaks.
Now it turns out that they’re also contributing to a massive leak of personal, corporate, and government data, as researchers at UC San Diego and the University of Maryland were alarmed to discover. First reported by Wired, the joint study uncovered glaring holes in satellite security enabling “anyone with a few hundred dollars of consumer grade hardware” to rustle up a huge collection of unencrypted data beamed down to Earth.
Using an $800 fixed-position satellite dish on the roof of a UC San Diego building, researchers were able to receive calls, texts, and internet traffic from T-Mobile’s cellular network, data from devices using in-flight WiFi, text communications from industrial control systems, and logistics information for big-box retail stores like Walmart.
Probably the most damning thing the team recovered was a trove of unencrypted US and Mexican governmental traffic, including communications and network info from US military ships, surveillance operation data, and Mexican military and police chatter.
In the case of US military ships, there was so much exposed data that researchers were able to piece together the names of individual vessels, enabling them to run full background checks. “By investigating the names, we determined they were all formerly privately-owned ships that were now owned by the US,” the team wrote.
“It just completely shocked us,” Aaron Schulman, a UC professor and co-lead of the study, told Wired. “There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted.”
“Time and time again, every time we found something new, it wasn’t,” Schulman continued. “They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security.”
To make things even wilder, the research teams estimate they were only able to access about 15 percent of the satellites in operation, meaning there’s likely much more unencrypted data being beamed down to the ground as we speak. Luckily, the team took a little time to warn the groups involved of the vulnerabilities before publishing their study, and confirmed that both T-Mobile and Walmart have since encrypted their satellite data.
In their summary of the three-year study, the researchers wrote that data from just one satellite could be obtainable from an area as large as 40 percent of the surface of the Earth.
Addressing the question of why on earth this satellite data wasn’t encrypted in the first place, the study’s authors wrote that “there are direct costs to enabling encryption,” making it hard for some stakeholders or corporations to justify if they don’t perceive an imminent security threat. “Some users may forgo encryption intentionally; others may be unaware these links are unencrypted or underestimate the risk and ease of eavesdropping attacks,” they wrote.
More on satellites: Startup Working on Spacecraft Designed to Eat Dead Satellites for Fuel