Researchers from UC San Diego and the University of Maryland demonstrated in late 2024 that satellite links carrying phone calls, text messages, and military operations operate with little to no encryption. Using approximately $800 in off-the-shelf equipment—a $185 satellite dish, $140 in mounting hardware, a $195 motorized antenna, and a $230 USB tuner card—the team positioned their array on a La Jolla rooftop and intercepted live traffic from geostationary satellites above the equator. Within hours, the equipment captured call data from 2,700 T-Mobile subscribers in remote locations relying on satellite backhaul.
The research revealed far more than consumer communications. The same unencrypted beams exposed sensitive military and infrastructure operations, including positions of U.S. Navy vessels, flight paths and coordinates for Mexican military helicopters, and details of Coast Guard and cross-border law enforcement activity.
Critical infrastructure proved equally vulnerable: Mexico’s Federal Electricity Commission, which serves roughly 50 million people, transmitted internal traffic, including repair schedules, grid weaknesses, login credentials, and SCADA information via unencrypted satellite links. Similar exposure affected Walmart Mexico, Santander Mexico, and ATM networks, potentially compromising accounts that could provide access to payment networks and partner institutions.
The scope of the vulnerability encompasses the entire global satellite ecosystem. Examining only 39 satellites and 411 transponders—approximately 15 percent of the world’s geostationary fleet—the researchers estimated that roughly 50 percent of geostationary satellite signals carrying sensitive data were unencrypted. Since each satellite covers approximately 40 percent of Earth’s surface, a single beam can simultaneously span continents, transmitting everything from passenger aircraft Wi-Fi to military movements.
This security blind spot was not accidental or novel. In May 2022, the U.S. National Security Agency issued an advisory warning that many satellite links operated without encryption, depending instead on frequency management techniques rather than cryptography. The notice urged stronger protections, yet operators delayed implementation for years.
Encryption requires additional bandwidth, power, new equipment, and licensing costs; for aging platforms operating with tight margins, these hurdles translated into postponement. Risk calculations typically assumed that, because few people systematically examined satellite signals, the likelihood of exploitation was low.
The academic demonstration shattered that assumption. Once the team showed how easily interception could be accomplished with minimal resources and expertise, the industry’s miscalculation became apparent. Researchers described their initial reaction as questioning whether they had committed a crime by capturing broadcast signals freely transmitted across a massive footprint. The industry’s underlying belief had been that nobody would systematically scan the sky to identify what was being transmitted.
T-Mobile responded most rapidly to the notification in late 2024, finding that the vulnerability affected fewer than 50 of its 82,000 U.S. cell sites, all of which were located in areas dependent on satellite backhaul. The company encrypted those satellite links and introduced additional protections for customer signaling traffic within weeks, closing off future interception through the demonstrated method.
However, any data previously captured remained unrecovered. AT&T Mexico and companies, including Walmart and Santander, began remediation efforts, yet when researchers scanned again in February 2025—more than a year after private notification—some critical infrastructure owners had still not fully secured their satellite paths.
Intelligence agencies in countries such as Russia and China almost certainly identified these weaknesses before academic researchers documented them. The operative concern is not whether foreign services could have intercepted the data, but rather how long they have been doing so and how comprehensively they have mapped military logistics, commercial strategies, and infrastructure layouts from orbit.
Moving forward, security specialists argue that satellite links must be treated as inherently exposed, comparable to public wireless networks. Organizations should assume the space segment is adversarial and apply protection across multiple levels: end-to-end encryption for financial transactions and corporate communications, authenticated and encrypted channels for military systems, segmentation and monitoring for industrial control networks, and cryptographic protection at the satellite link layer itself, where technically feasible.
The disclosed episode represents one of the largest documented exposures of unencrypted satellite communications ever made public. Given that approximately 85 percent of geostationary satellites fell outside the researchers’ field of view in San Diego, the unexamined portion of the global system may harbor even more significant vulnerabilities. The decisions satellite operators and their customers make in the coming years regarding encryption implementation will determine how securely militaries maneuver, critical infrastructure remains operational, and everyday communications travel through space.
Sources:
Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO SatellitesACM SIGSAC Conference on Computer and Communications Security (CCS ’25), October 202
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate DataWired, October 13, 2025
Researchers find a startlingly cheap way to steal your secrets from spaceCyberScoop, October 13, 2025
Researchers find Mexican satellite data is unencrypted, hackableMexico News Daily, October 16, 2025