this post was submitted on 27 Oct 2025
95 points (99.0% liked)

Technology

76415 readers
3488 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
95
Satellite Snooping Reveals Sensitive Unencrypted Data (hackaday.com)
submitted 2 days ago by mesamunefire@piefed.social to c/technology@lemmy.world
8 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] FauxLiving@lemmy.world 9 points 2 days ago

From, the paper: https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf

Geosynchronous (GEO) satellite links provide IP backhaul to remote critical infrastructure for utilities, telecom, government, military, and commercial users [...]

There are thousands of GEO network links in operation today, carried by 590 GEO satellites orbiting Earth. Each satellite may carry traffic for dozens of independent networks through an array of on-board transponders, each covering a diameter of thousands of kilometers (at most a third of Earth’s surface). GEO IP links are established by leasing time on a transponder and aiming dishes for Earth-based terminals and hubs at that transponder. The ecosystem of equipment to support IP-based GEO links is mature and heterogeneous: at least 10 different vendors sell terminal and hub systems that each use their own proprietary protocol stacks to provide GEO networking.

These companies are leasing these satellite links for various purposes and then transmitting their network data over the links with no encryption. You can, for about $600 and some software (https://github.com/ucsdsysnet/dontlookup) read this data.

The researchers discovered data from US Military, Walmart-Mexico, AT&T, Government of Mexico, TelMex, Grupo Santander, Intelsat, Panasonic Avionics, WiBo, KPU. The researchers disclosed the vulnerability to all of these entities between 2024 and 2025.

Someone (I don't know who but T-Mobile is the only cellular carrier in their list...) was transmitting call and text data, in plaintext:

When we unexpectedly discovered unencrypted voice and SMS communications in our data, we ceased collection on those transpon- ders, encrypted the relevant data, and consulted again with our lawyers, who helped facilitate disclosure with affected vendors.