Flawed, leaky communication in space is now a reality. A significant portion of the data relayed through Earth orbit travels in the clear, beamed to and from geostationary satellites over North America. Mobile carrier backhauls, corporate networks, and even military logistics operations are left wide open to interception with off-the-shelf hardware, academic researchers say.
How Researchers Demonstrated the Satellite Data Leak
Researchers from the University of California San Diego and University of Maryland tracked traffic to 39 geostationary satellites from a location in La Jolla, Calif. With an ordinary dish and software-defined radio equipment that costs around $800, they captured downlink signals to determine if IP traffic was encrypted.
The results were stark: roughly 50% of observed GEO links transmitted cleartext IP. Within just nine hours of one capture, the team had pulled metadata that revealed 2,711 phone numbers as well as call and message content. Outside of telecom, they saw exposed data streams related to in-flight Wi-Fi systems, job scheduling systems, inventory management, and industrial control operations.
The researchers released a peer-reviewed paper chronicling their method and results, adding that the weakness is rooted in how legacy satellite networks are built and monitored. Independent reporting has reinforced that the gap is so glaring that sophisticated adversaries could already be taking advantage of it.
Who Was Exposed, and What Investigators Saw in Data
The researchers found unencrypted cellular backhaul to several carriers, including traffic from T-Mobile and AT&T’s Mexican operations. The data exposed may have included user SMS and voice content in some cases, as well as web browsing, and information relating to the computing devices used on the carrier’s network.
The researchers also found traffic associated with sea vessels of the US military and several entities of the Mexican government and military. Plenty of retail and logistics data from big commercial systems in Mexico was also exposed, such as asset tracking and inventory updates that had never been secured in transit.
Some of the notified organizations have activated encryption since then, but not all affected networks have been shored up, the researchers said. The split reaction highlights how decentralized satcom supply chains can keep responsibility for service delivery fragmented across carriers, satellite operators, ground-station providers, and equipment vendors.
Why So Much of Satellite Traffic Is Unencrypted
Geostationary links continue to serve as the backbone for remote connectivity—backhauling cell sites, linking ships and aircraft, and connecting rural facilities. Most of these networks have long-lived terminals and DVB-S/DVB-S2 modems that were developed many years ago, at a time when radio-frequency obscurity and the cost of cryptographic overhead were used as an excuse for not implementing end-to-end encryption.
That calculus no longer holds. Software-defined radios, improved low-noise amplifiers, and open-source tooling have made high-quality interception much more accessible. Cleartext protocols such as GTP (mobile backhaul), plain enterprise web services, and older industrial interfaces continue to flow over shared satellite transponders, creating something of a perfect storm for exposure.
The end result is a security-by-default failure: operators picture the sky as a protective umbrella, while modern eavesdroppers treat it as just another channel.
What’s Changed, and What Hasn’t in Satellite Security
Some carriers enabled encryption on these paths after responsible disclosures. Others are still in the process, struggling with aging equipment, complicated key management, and performance on high-latency GEO links. The researchers made their measurement tools available to the public in order to spur wider adoption and independent confirmation.
Of particular note, low Earth orbit systems including SpaceX’s direct-to-cell system and its Starlink broadband were not implicated. SpaceX references ISO/IEC 27001-mandated processes and cryptographic controls for data in transit. That dichotomy illustrates the gulf between modern architectures that essentially bake in crypto and legacy GEO ecosystems where encryption is still an afterthought at best.
The Broader Security Context for Space Communications
Governments have issued satellite communication warnings before. CISA released joint advisories following the 2022 KA-SAT incident in Europe, urging providers and customers there to harden terminals, segment networks, and monitor for anomalies. Telecommunications standards organizations have been advocating the use of IPsec for mobile backhaul services, but the adoption rate varies, especially on low-cost links.
The new findings provide hard evidence at scale: this is not an isolated misconfiguration but a systemic failing. The value for adversaries is clear—intercept intelligence, map critical infrastructure, and collect credentials without touching a target’s network.
What Needs to Happen Next to Secure Satellite Links
The fix is no mystery. Operators must turn on link-layer encryption on DVB-S2/S2X when possible, use IPsec/MACsec for backhaul, require mutual authentication, and move away from cleartext services while rotating keys frequently. Ground stations need RF and protocol-layer monitoring to discover unprotected flows and rogue endpoints.
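As an added illustration (not code from the researchers or any operator), the sketch below shows the kind of protocol-layer check a ground station could run on its own backhaul feed to flag flows that leave without IPsec or TLS. The port table, function names, and sample packets are assumptions made for this example.

```python
import struct
from collections import Counter
ESP, AH, TCP, UDP = 50, 51, 6, 17  # IP protocol numbers
# Assumed port labels for this sketch: a heuristic, not a complete list.
CLEARTEXT = {(UDP, 2152): "GTP-U", (UDP, 2123): "GTP-C", (TCP, 80): "HTTP"}
PROTECTED = {(UDP, 500): "IKE", (UDP, 4500): "IPsec NAT-T", (TCP, 443): "TLS"}
IPSEC = {ESP: ("protected", "IPsec ESP"), AH: ("cleartext", "IPsec AH")}

def classify(pkt):
    """Return (verdict, label) for one raw IPv4 packet seen on the backhaul."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "unknown", "not IPv4 or truncated"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto in IPSEC:  # AH is integrity only, so its payload is still readable
        return IPSEC[proto]
    if struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF:
        return "unknown", "non-first fragment"  # no L4 header to inspect
    if proto not in (TCP, UDP) or len(pkt) < ihl + 4:
        return "unknown", f"proto {proto}"
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    for port in (dport, sport):
        if (proto, port) in PROTECTED:
            return "protected", PROTECTED[(proto, port)]
        if (proto, port) in CLEARTEXT:
            return "cleartext", CLEARTEXT[(proto, port)]
    return "unknown", f"proto {proto} port {dport}"

def audit(packets):
    """Tally verdicts and list the cleartext protocols that need attention."""
    verdicts = [classify(p) for p in packets]
    counts = Counter(v for v, _ in verdicts)
    return counts, sorted({label for v, label in verdicts if v == "cleartext"})

def ipv4(proto, payload=b"", frag=0):  # sample builder; checksum left zero
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def ports(sport, dport):
    return struct.pack("!HH", sport, dport) + b"\x00" * 4

SAMPLE = [  # constructed packets, not captured traffic
    ipv4(UDP, ports(2152, 2152)),      # GTP-U in the clear
    ipv4(ESP, b"\x00" * 16),           # IPsec ESP tunnel
    ipv4(TCP, ports(40000, 80)),       # plain HTTP
    ipv4(AH, b"\x00" * 12),            # AH only
    ipv4(UDP, ports(4500, 4500)),      # NAT-T encapsulated IPsec
    ipv4(UDP, b"\x00" * 8, frag=185),  # later fragment
]
print(audit(SAMPLE))
```

A header-only check cannot tell ESP with null encryption from real encryption, so a "protected" verdict still needs to be confirmed against the tunnel configuration.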
Enterprises and governments that use satcom need to make encryption part of their procurement requirements, keeping the vendor honest through audits instead of assumptions. Regulators and standards bodies—from the FCC and NTIA to ETSI and the ITU—can also provide an impetus by crystallizing expectations for safeguarding data in transit over shared space-based infrastructure.
At its core, it is a simple and long-overdue message: if data matters on the ground, then it matters in the sky. Encrypt it.