Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A Research paper Satellite Internet services, including T-Mobile’s, use unencrypted transmissions that can be intercepted using about $800 worth of equipment, reveals this week at the annual Computer Security Applications Conference.
Don’t miss any of our unbiased technical content and lab reviews. Add CNET As Google’s preferred source.
like First reported in Wired, Research from scientists At the University of Maryland and the University of California, San Diego, it was found that it could access users’ calls and text messages, as well as potentially sensitive data from military and corporate transmissions. (Full paper in PDF titled “Don’t look for: There are sensitive internal links in the clear zone on geostationary satellites,” It can be found online.)
According to Wired’s report and research paper, some providers, including T-Mobile, have made changes to address the vulnerability. The issue has not yet been resolved by other unnamed providers. The researchers declined to be named and said in the article that they had spent the past year warning satellite operators about the dangers of transmitting unencrypted data.
In the paper’s abstract, the scientists said they had pointed a commercial off-the-shelf satellite dish skyward and conducted “the most comprehensive public study to date of geostationary satellite communications.”
“A shockingly large amount of sensitive traffic is being transmitted unencrypted, including critical infrastructure, internal corporate and government communications, citizen voice calls and SMS, and consumer Internet traffic from on-board Wi-Fi and mobile networks,” the scientists confirmed.
In an email to CNET, a T-Mobile spokesperson said that only about 50 cell sites from one vendor were exposed to the vulnerability out of about 82,715 sites across its network. The technical glitch identified by the research affected “remote, sparsely populated areas” and was not an issue on the network’s part, the spokesman said.
The spokesperson also said: “We have implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signal traffic as it travels between mobile phones and the network core, including call setup, dialed numbers and text message content.”
How to stay safe using satellite networks
Some customers may think there’s an expectation of encryption, or some basic privacy when using satellite networks to make phone calls, send text messages, or even seemingly innocuous activities like GPS tracking while hiking. But it is smart to assume the opposite.
“For consumers, caution is necessary when using the connectivity provided by satellites,” said Mahdi Islam Mehr, who follows the satellite industry. Executive Vice President at Quandary Peak Research. “Satellite links should be treated like open Wi‑Fi hotspots.”
He said people using these technologies could follow the researchers’ recommendation to use their own VPNs or stick to apps with built-in end-to-end encryption, such as Signal or WhatsApp, while relying on satellite internet.
It is also recommended to keep devices updated.
“Patches often include improved encryption protocols,” Islamihr said.
Why is security different on satellites?
Keeping satellite networks secure presents challenges. Satellites often rely on different security protocols, which can be a problem when integrated with traditional networks to provide emergency services or cell towers Back connection cover. Carriers must know where and how to encrypt data that may need to pass through multiple ground stations and satellites from different vendors.
“Not all providers implement encryption consistently, leaving gaps that are very different from the well-understood risks on traditional cellular networks,” Islamiher said.
According to the research, about half of satellite signals tested with inexpensive equipment were found to carry unencrypted data that included sensitive military information, but this could also reveal private information to those using the satellite Internet for non-commercial or military communications or tracking.
People who might use these networks need to understand that satellite technology, especially the way it integrates with existing networks, is still relatively new, Islam Mehr said.
“Technology holds tremendous promise for bridging the digital divide, but it needs a security maturity cycle,” he said.