Eavesdropping on Internal Networks via Unencrypted Satellites


Summary
We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth.
What type of network traffic was exposed?
Cellular Backhaul
We observed unencrypted cellular backhaul data sent from the core network of multiple telecom providers and destined for specific cell towers in remote areas. This traffic included unencrypted calls, SMS, end user Internet traffic, hardware IDs (e.g. IMSI), and cellular communication encryption keys.
Military and Government
We observed unencrypted VoIP and internet traffic and encrypted internal communications from ships, unencrypted traffic for military systems with detailed tracking data for coastal vessel surveillance, and operations of a police force.
In‑flight Wi‑Fi
We observed unprotected passenger Internet traffic destined for in-flight Wi-Fi users on airplanes. Visible traffic included passenger web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight‑information systems, and in‑flight entertainment.
VoIP
Multiple VoIP providers were using unencrypted satellite backhaul, exposing unencrypted call audio and metadata from end users.
Internal Commercial Networks
Retail, financial, and banking companies all used unencrypted satellite communications for their internal networks. We observed unencrypted login credentials, corporate emails, inventory records, and ATM networking information.
Critical Infrastructure
Power utility companies and oil and gas pipelines used GEO satellite links to support remotely operated SCADA infrastructure and power grid repair tickets.
Full Technical Paper
Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger, and Aaron Schulman. 2025. In Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS ’25), Taipei, Taiwan. ACM.
Has the Issue been Fixed?
There is no single stakeholder responsible for encrypting GEO satellite communications. Each time we discovered sensitive information in our data, we went through considerable effort to determine the responsible party, establish contact, and disclose the vulnerability. In several cases, the responsible party told us that they had deployed a remedy. For the following parties, we re-scanned with their permission and were able to verify a remedy had been deployed: T-Mobile, WalMart, and KPU.
We are only publishing information about affected systems and naming relevant parties once the issue has been remediated or an industry-standard 90-day disclosure window has elapsed without response or justification for extending the embargo. In some cases, we are withholding information about affected systems because disclosure is still ongoing as of October 13, 2025. We will update this page with additional information as we are able to.
Who is Affected & What Should They Do?
End Users
There is no way for end users to know if upstream providers are encrypting their traffic. Nearly all Internet browsing traffic was encrypted by end-user devices using TLS or QUIC, and cellular backhaul exposure was limited to a relatively small number of cell towers in specific remote areas. End users can encrypt network traffic they directly generate by using a VPN; for messaging and voice communications, use end‑to‑end encrypted apps like Signal.
Organizations Using Satellite Communications
Satellite communication links should be treated like unsecured and public wireless networks. There are many opportunities for encryption: TLS can protect individual application traffic, IPsec or multipoint encrypted VPNs can encrypt networks, and satellite communication providers may offer encryption of the satellite beam. Encryption should be used at every layer as defense-in-depth protection against individual failures. Treat encryption as mandatory, not an add‑on.
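One way an organization can check its own traffic against this guidance is sketched below as an added example (not code from the study or its authors): it classifies raw IPv4 packets captured on the LAN side of your own satellite modem as IPsec-tunneled, TLS-protected, or not provably encrypted. The function names, verdict labels and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def classify(pkt: bytes):
    """Return (verdict, dst_port) for one raw IPv4 packet headed to the modem."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("not-ipv4", 0)
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == 50:                              # IPsec ESP: whole packet is tunneled
        return ("ipsec-esp", 0)
    if proto == 6 and len(body) >= 20:           # TCP
        dport = struct.unpack("!H", body[2:4])[0]
        data = body[(body[12] >> 4) * 4:]
        if not data:                             # bare SYN/ACK carries nothing to judge
            return ("no-payload", dport)
        # TLS record header: content type 20..23, then version bytes 3.x
        if len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4:
            return ("tls", dport)
        return ("unverified", dport)
    if proto == 17 and len(body) >= 8:           # UDP
        dport = struct.unpack("!H", body[2:4])[0]
        # ESP-in-UDP (NAT traversal): port 4500 with a non-zero SPI in the first 4 bytes
        if dport == 4500 and len(body) >= 12 and body[8:12] != b"\x00" * 4:
            return ("ipsec-esp", dport)
        return ("unverified", dport)             # QUIC, DTLS, WireGuard need their own rules
    return ("unverified", 0)

def audit(packets):
    """Count verdicts and list destination ports that were not provably encrypted."""
    verdicts = [classify(p) for p in packets]
    flagged = sorted({port for v, port in verdicts if v == "unverified"})
    return Counter(v for v, _ in verdicts), flagged

# --- constructed sample packets (checksums left at zero; they are not validated) ---
def _ip(proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 2]), bytes([10, 0, 1, 2])) + body
def _tcp(dport, data=b""):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + data
def _udp(dport, data):
    return struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
SAMPLES = [
    _ip(50, bytes.fromhex("0000100100000001") + b"\xaa" * 16),              # ESP tunnel
    _ip(17, _udp(4500, bytes.fromhex("1234567800000001") + b"\xbb" * 16)),  # ESP-in-UDP
    _ip(6, _tcp(443, bytes.fromhex("1603010005") + b"hello")),              # TLS record
    _ip(6, _tcp(502, bytes.fromhex("000100000006010300000002"))),           # Modbus/TCP
    _ip(17, _udp(5060, b"INVITE sip:100@192.0.2.10 SIP/2.0\r\n")),          # SIP setup
    _ip(6, _tcp(443)),                                                      # empty segment
]
print(audit(SAMPLES))
```

If policy is that the satellite hop carries only the IPsec tunnel, every verdict other than `ipsec-esp` is a finding; the `tls` flows are protected at the application layer only and still expose addresses and ports.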
Reference Guidance
See the NSA’s VSAT recommendations (2022).
Q&A
What did your study do?
We set up a consumer-grade satellite dish on the roof of a university building in San Diego, California with a positioning motor and a consumer-grade TV tuner card to capture raw bytes. We then scanned for all transponders (position and frequency) visible from our fixed location, and wrote custom protocol-parsing code to reconstruct network packets from the quirky custom protocol stacks we reverse-engineered from different vendors. We observed 411 transponders across 39 GEO satellites, and our single fixed-location dish could receive IP traffic from 14% of all global Ku-band satellites.
Why aren't all GEO satellite links encrypted?
There are direct costs to enabling encryption. Encryption imposes additional overhead to an already limited bandwidth, decryption hardware may exceed the power budget of remote, off-grid receivers, and satellite terminal vendors can charge additional license fees for enabling link-layer encryption. In addition, encryption makes it harder to troubleshoot network issues and can degrade the reliability of emergency services. Some users may forgo encryption intentionally; others may be unaware these links are unencrypted or underestimate the risk and ease of eavesdropping attacks. While significant academic and activist attention has been put into ensuring nearly universal use of encryption for modern web browsers, there has been much less visibility and attention paid to satellite network communications.
Several vendors told us they were in the process of transitioning to encrypted links.
What about Starlink/LEO?
Our study focused on GEO satellite systems, which remain in a fixed point relative to the surface of the earth. These systems remain in wide use for critical infrastructure because of their reliability and backwards compatibility. We did not study LEO (Low Earth Orbit) systems (e.g., Starlink), which offer higher bandwidth and greater coverage but require more complicated receiving hardware. Our understanding is those links are encrypted, but we have not independently verified this.
What about the uplink?
The downlink signal from a satellite typically broadcasts to a wide geographic area, but the returning uplink is more focused. This means that from our single vantage point in San Diego, California, we were only able to observe one half of a given network connection.
Did you have to hack or interfere with any satellites?
Our study was fully passive; we simply set up a consumer-grade satellite dish on Earth and observed traffic without transmitting ourselves.
Can you tell if someone is listening to traffic?
Since this unencrypted data can be observed fully passively, there is no way to know if someone has set up a dish to listen.
Can you audit our network?
If you would like our assistance in determining whether your network traffic has been exposed, please get in touch.
Is this legal/ethical?
We consulted with the University of California legal counsel on the design of our study and worked closely with them during disclosure. We have gone through considerable effort to attempt to disclose the vulnerabilities we found to affected parties.
Source Code
Contact
Team
- Wenyi Morty Zhang (UCSD)
- Annie Dai (UMD)
- Keegan Ryan (UCSD, graduated)
- Dave Levin (UMD)
- Nadia Heninger (UCSD)
- Aaron Schulman (UCSD)
External Links
- Wired article by Andy Greenberg and Matt Burgess
Update History
- (2025-10-13) Initial release