A new academic study has revealed that vast amounts of sensitive information, including government, corporate and personal data, are being transmitted in the clear over geosynchronous satellites, exposing communications that anyone with roughly $600 in hardware could intercept.
The findings come from six researchers at the University of California, San Diego (UCSD) and the University of Maryland (UMD), who published their peer‑reviewed paper “Eavesdropping on Internal Networks via Unencrypted Satellites” at the 32nd ACM Conference on Computer and Communications Security (CCS ’25) in Taipei, Taiwan.
A passive look into the sky
Using a commercial off‑the‑shelf satellite dish, the team monitored 39 geosynchronous satellites from a UCSD rooftop in San Diego. Their equipment, configured to receive but never transmit signals, detected 411 transponders broadcasting a variety of unencrypted digital traffic.
According to the researchers’ summary, the exposed data spanned:
- Cellular backhaul traffic containing unprotected calls, SMS, user Internet data, and cellular encryption keys.
- Government and military transmissions, including unencrypted VoIP and coastal surveillance information.
- In‑flight Wi‑Fi streams showing passenger browsing metadata and entertainment‑system traffic.
- Corporate and financial network data, such as login credentials and ATM connectivity.
- Critical infrastructure communications from energy and pipeline operators using GEO links for maintenance and control systems.
The researchers emphasize the scale of the exposure: each transponder’s broadcast footprint can cover up to 40 percent of Earth’s surface, which means intercepted data potentially visible across continents.
Why so much traffic is still unencrypted
The study notes that many GEO satellite links remain unprotected because encryption consumes bandwidth, adds hardware costs, and can complicate network troubleshooting, especially in remote or emergency contexts. Some service providers, the paper says, may simply underestimate the risk or lack awareness of how easily such signals can be received.
While encryption has become standard for website traffic via TLS, the researchers found far less adoption among satellite‑based systems that connect remote infrastructure to the public Internet.
Fixes and industry response
Throughout the research, the team privately disclosed vulnerabilities to organizations identified in the captured traffic. They confirmed that T‑Mobile, Walmart, and KPU implemented fixes after notification. Information about other affected systems is being withheld until responsible‑disclosure timelines conclude.
“There is no single stakeholder responsible for encrypting GEO satellite communications,” the authors wrote.
Each discovery required determining who operated the exposed network, establishing contact, and coordinating remediation, an often difficult process.
Recommendations for users and providers
Because individuals cannot easily tell whether upstream satellite providers encrypt data, the researchers suggest basic safeguards:
- Use a VPN to encrypt all outbound Internet connections.
- Conduct messaging and voice calls through end‑to‑end encrypted apps such as Signal or Telegram.
- For organizations, treat satellite links like public Wi‑Fi networks, employ encryption at all layers (TLS, IPsec, or link‑layer encryption), and make encryption mandatory rather than optional.
Relevant operational guidance can be found in the NSA VSAT recommendations (2022) cited in the paper.
Study scope and limitations
The work focused solely on GEO (geostationary equatorial orbit) satellites, which broadcast continuously over fixed coverage areas. Low‑Earth orbit (LEO) constellations such as Starlink were not part of the test due to hardware complexity. The researchers note that LEO systems are believed to use encrypted links, but they did not independently verify that claim.
Only satellite downlinks were recorded; uplink transmissions were not captured. The team stressed that the project was fully passive and cleared by UC legal counsel to ensure compliance with communications‑law restrictions.
Key takeaway
The study establishes the first comprehensive, public evidence that unencrypted geosynchronous satellite links remain a privacy and security risk, a digital blind spot that covers military, corporate, and personal communications.
Until encryption becomes universal on orbital links, both providers and end users must assume that satellite transmissions are public and act accordingly.
Gunel Ismayilova
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
