Shocking Discovery: Nearly Half of Geostationary Satellites Leak Unencrypted Military, Corporate, and T-Mobile Data
Satellite communication channels used by government agencies, military organizations, corporations, and mobile operators have become the source of a massive global data leak. Researchers from the University of California, San Diego and the University of Maryland discovered that nearly half of all geostationary satellites transmit data without any form of encryption. Over a span of three years, using equipment costing no more than $800, they intercepted thousands of phone calls and text messages from T-Mobile users, as well as sensitive communications from the U.S. and Mexican military, and internal transmissions from energy and industrial companies.
Operating a standard satellite dish mounted on the roof of the La Jolla campus, the team directed their receiver toward various orbiting satellites, decoding signals within a range accessible from Southern California. What they found was staggering: voice calls, in-flight Wi-Fi traffic, military telemetry, internal corporate correspondence, and even banking transactions were being transmitted openly through the air. Among the intercepted data were communications from Mexican law enforcement networks, coordinates of UH-60 Black Hawk helicopters, and details concerning fuel platforms and power grid infrastructures.
The researchers paid particular attention to unprotected telecommunications backhaul channels—service traffic linking remote base stations with central networks. They intercepted data flows from T-Mobile, AT&T Mexico, and Telmex. Within just nine hours of recording T-Mobile traffic, the team gathered phone numbers of more than 2,700 users, along with the contents of their calls and text messages. After being alerted, the U.S. operator promptly enabled encryption, but many Mexican connections remained exposed. AT&T later confirmed that the leak resulted from misconfigured satellite channels in several remote regions of the country.
The investigation also revealed vast volumes of military and industrial information. U.S. vessels were found transmitting unencrypted internet traffic, including ship names and routing data. Meanwhile, Mexican military units were broadcasting radio communications with command centers, as well as maintenance details for aircraft and armored vehicles, all without encryption. Among the exposed records were internal documents from Mexico’s Federal Electricity Commission (CFE) containing incident reports, client addresses, and security logs.
Beyond defense and telecommunications, corporate systems were also compromised. Researchers detected unencrypted data packets from airline onboard networks operated via Intelsat and Panasonic equipment, including passenger viewing histories, service metadata, and even audio streams from in-flight announcements. In some cases, they intercepted internal emails from Walmart employees in Mexico, ATM service records from Santander, and network traffic from Banjercito and Banorte banks. Most organizations secured their channels only after being notified of the breach.
According to the researchers, their findings cover just 15% of all active satellite transponders—the portion of the sky visible from California—suggesting that similar eavesdropping could easily be conducted anywhere in the world using the same modest setup: a $185 satellite dish, a $140 motorized mount, and a $230 TV tuner. Such operations require no professional expertise or specialized equipment—only basic components and patience for calibration.
The team acknowledged that publishing their toolkit, aptly named “Don’t Look Up,” on GitHub might simplify data collection for malicious actors, yet they argue that transparency is essential to raise awareness among telecom operators and infrastructure owners. As the researchers caution, much of today’s satellite communication remains protected by the outdated assumption that “no one is looking up”—a belief that now allows sensitive data streams to be quietly observed from space, spanning nearly the entire planet.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
