Eavesdropping on Internal Networks via Unencrypted Satellites

SATCOM Security — a team of researchers from UC San Diego and the University of Maryland:

We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight Wi-Fi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth.

The researchers don’t mention RCS by name, only SMS, but this is a perfect example of why I thought Apple’s original stance on RCS was correct, and their change of heart to support it last year was unfortunate. No new protocol for messaging should be adopted unless the protocol exclusively works using end-to-end encryption.

Via Wired: “Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data” (News+ link).

Monday, 20 October 2025