UCSD - University of California - San Diego

01/20/2026 | Press release | Distributed by Public on 01/20/2026 10:21

The Sky is Full of Secrets: Glaring Vulnerabilities Discovered in Satellite Communications

Published Date

January 20, 2026

Article Content

With $800 of off-the-shelf equipment and months worth of patience, a team of U.S. computer scientists set out to find out how well geostationary satellite communications are encrypted. And what they found was shocking.

Close to half of the communications beamed from satellites to the ground that the researchers were able to listen in on were not encrypted. This included sensitive data including cellular text messages, voice calls, as well as sensitive military information, data from internal corporate and bank networks, and the in-flight online activity of airline passengers.

The research team, led by Aaron Schulman and Nadia Heninger, two computer science professors at the University of California San Diego, then set out to find out which companies and government agencies were failing to encrypt data in order to contact them and disclose the vulnerabilities.

In this study, researchers focused on geosynchronous (GEO) satellites, which orbit the Earth at a fixed altitude and position around the equator.

"Given that any individual with a clear view of the sky and $800 can set up their own GEO interception station from Earth, one would expect that GEO satellite links carrying sensitive commercial and government network traffic would use standardized link and/or network layer encryption to prevent eavesdroppers," the researchers write in a paper presented in October at the CCS 2025 conference in Taiwan.

"There has been a concerted effort over the past two decades to encrypt Web traffic because of widespread concern about government eavesdropping through tapping fiber-optic cables or placing equipment in Internet exchange points; it is shocking to discover that this traffic may simply be broadcast to a continent-sized satellite footprint," the researchers also write.

In several cases, the researchers' findings led to immediate action. The team disclosed to T-Mobile that some of their satellite traffic was unencrypted and left text messages, user Internet traffic and the content of voice calls vulnerable to eavesdropping. The company then quickly enabled encryption. Other organizations including Walmart and KPU Telecom have also enabled encryption in response to the researchers' findings.

Coverage of GEO satellites from the research team's location on the UC San Diego campus. Each dot represents a unique GEO satellite. The green shaded region shows the theoretically achievable scanning area; pink highlights coverage enabled by precise alignment.

Communications from specific satellites

There are 590 geosynchronous satellites orbiting the earth, with a wide variety of uses, including residential television and Internet services, and in-flight WiFi. These satellites also carry traffic on private networks for sensitive, remote commercial and military equipment. By placing a large satellite dish on the top of the computer science and engineering building at the UC San Diego Jacobs School of Engineering, researchers were able to intercept communications from 39 satellites - about 15% of GEO satellites-during a seven-month period.

GEO satellites are known to be potentially vulnerable to eavesdropping. As a result, a cottage industry has arisen to try to listen in on signals using off-the-shelf, commercially available satellite dishes. High-quality free software is available to receive satellite signals, as long as they're not encrypted. A thriving online community of enthusiasts publishes open databases of satellite coordinates and transponders. As part of their study, researchers contributed new software that automates both scanning for satellites and decoding these signals.

But until now, no one had tested on a large scale all the different types of satellite transmissions that can be eavesdropped on. The researchers believe their study is the most comprehensive to date of GEO satellites, their communications, levels of encryption and various communications equipment they carry. Many organizations don't seem to realize that satellite traffic is not part of their internal network and can be captured if not encrypted, the researchers write. "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice," they said.

Overview of the GEO satellite data ecosystem.

Examples of vulnerabilities in U.S. communications systems

Researchers captured data from two companies that provide in-flight entertainment: Intelsat and Panasonic. They were able to determine which airlines and which flights the data was coming from, as well as metadata including which websites passengers were visiting. Researchers even were able to capture audio from news shows, sports and other programs passengers were watching in flight.

In addition, other data the team decoded allowed them to find the names of vessels owned by the U.S. military together with both encrypted and unencrypted traffic from those vessels' communication systems.

The vulnerability for cell phone communications, such as T-Mobile's, happens when someone places a call in a remote area where the call is connected through a cell phone tower that routes through a satellite, which then beams the call to the cellphone company.

Phone calls can be encrypted at different levels. One layer of encryption comes into play from phone to cell phone tower and another from tower to tower. These last two layers get stripped away when a call gets transmitted via satellite, leaving the content of the call or text vulnerable if it's not encrypted. The only way to protect call and text content is to encrypt that layer of data - this happens when making calls with Signal, or from iPhone to iPhone, for example.

"Cell phone traffic is carefully encrypted [...] between phone and tower to protect it against local eavesdroppers; it is shocking to discover that these private conversations were then broadcast to large portions of the continent, and that these security issues were not limited to isolated mistakes," the researchers write.

Many vulnerabilities in Mexican communications systems

Many of the vulnerabilities researchers found came from companies and government agencies in Mexico. That is not surprising since many of the satellites researchers could reach transmit data to and from our neighbor to the south.

Two Mexican telecommunications companies, TelMex and WiBo, were particularly vulnerable. For both WiBo and TelMex, the data included phone numbers for parties on both sides of a phone call, as well as unencrypted voice data that would enable full reconstruction of audio for phone calls. Also, the data included information about online smartphone activity, including, for example, using TikTok and accessing Apple iCloud or Samsung's app store.

Researchers observed unencrypted satellite traffic from many organizations within the Mexican government, including the military, law enforcement and other government agencies. For example, researchers were able to see the locations of aircraft and ships, as well as their repair schedules. They were also able to see personnel records for law enforcement.

In addition, network traffic for Walmart Mexico was also not protected, giving researchers access to a wide range of data, including unencrypted internal corporate emails. Sales data were also available.

"We observe significant amounts of highly sensitive internal network traffic being broadcast unencrypted to large portions of North America. The severity of our findings suggests that these organizations do not routinely monitor the security of their own satellite communication links," the researchers write.

They are now planning to look at different kinds of satellites and perhaps locate antennas in different parts of the continental United States to capture a different range of satellite communications.

The research team released the software they used for this study on Github.

Don't look up: There are sensitive internal links in the clear on GEO satellites
Wenyi Morty Zhang, Keegan Ryan, Nadia Heninger and Aaron Schulman, UC San Diego Department of Computer Science and Engineering
Annie Dai and Dave Levin, University of Maryland

Computer scientists Nadia Heninger and Annie Dai present their satellite research at the 39th Chaos Communication Congress.
UCSD - University of California - San Diego published this content on January 20, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on January 20, 2026 at 16:21 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]