
T-Mobile customer call and text data captured from unencrypted satellite comms; military data too

Security researchers at two US universities were able to intercept T-Mobile customer call and text data from completely unencrypted satellite communications.

Researchers were also able to eavesdrop on sensitive government communications, including US military and law enforcement agencies – and they did all of it using nothing more than an $800 off-the-shelf satellite receiver system …

Wired reports on the frankly incredible findings from a study jointly carried out by UC San Diego and the University of Maryland.

For three years, the UCSD and UMD researchers developed and used an off-the-shelf, $800 satellite receiver system on the roof of a university building in the La Jolla seaside neighborhood of San Diego to pick up the communications of geosynchronous satellites in the small band of space visible from their Southern California vantage point.

By simply pointing their dish at different satellites and spending months interpreting the obscure—but unprotected—signals they received from them, the researchers assembled an alarming collection of private data: They obtained samples of the contents of Americans’ calls and text messages on T-Mobile’s cellular network, data from airline passengers’ in-flight Wi-Fi browsing, communications to and from critical infrastructure such as electric utilities and offshore oil and gas platforms, and even US and Mexican military and law enforcement communications that revealed the locations of personnel, equipment, and facilities.

The research team said they fully expected to find that the data being transmitted through the satellite link was encrypted, but were shocked to discover that it wasn’t. Study co-lead Aaron Schulman said that the satellite security approach seemed to be nothing more than just hoping for the best.

“They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Schulman says. “They just really didn’t think anyone would look up.”

Researchers notified all of the companies and agencies whose data was exposed. T-Mobile responded by quickly encrypting its communications, but not all of the satellite system users have yet done the same.

T-Mobile customer data was exposed because in remote areas the cell towers rely on satellite links to relay the data.

“Last year, this research helped surface a vendor’s encryption issue found in a limited number of satellite backhaul transmissions from a very small number of cell sites, which was quickly fixed,” a T-Mobile spokesperson says, adding the issue was “not network-wide” and that the company has taken steps to “make sure this doesn’t happen again.”

The carrier told us that it implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content.

Customer data was also obtained from AT&T Mexico and Telmex, with the former stating that it has also fixed the issue.

The data captured by researchers is just a small percentage of the total volume being broadcast given the narrow geographic coverage obtained from a single receiver, so the true global scale of the problem is likely to be very much greater.


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

