Satellites Are Leaking Sensitive Data Worse Than Public WiFi, Researchers Warn

A new academic study reveals that geosynchronous satellites are broadcasting unencrypted data globally, exposing private messages, encryption keys, and even military system traffic to anyone with basic equipment.

Researchers Expose Startling Satellite Vulnerabilities

A team of six cybersecurity researchers from the University of Maryland and the University of California has uncovered a major global privacy risk — satellites are leaking sensitive information in plain text, accessible with as little as $600 worth of hardware.

In their study, researchers set up a consumer-grade satellite dish atop a university building in San Diego and monitored 39 geosynchronous satellites. The team discovered a “shockingly large amount of unencrypted traffic,” including cellular encryption keys, private SMS messages, and military or infrastructure communications.

“This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware,” the researchers stated, warning that data from a single transponder can cover nearly 40% of Earth’s surface.

This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. https://t.co/tXb4RTQS6L

— Matthew Green (@matthew_d_green) October 14, 2025

How Serious Is the Threat?

The exposed data includes transmissions from telecommunication networks, logistics systems, and industrial infrastructure, revealing how easily satellite networks can be exploited. The team emphasized that most of these signals are transmitted without encryption, making them even more vulnerable than public WiFi networks in coffee shops.

Cybersecurity analyst Dr. Michael Trent commented, “This isn’t a sophisticated state-level hack — it’s a broadcast anyone can tune into. The implications for privacy and national security are enormous.”

Providers Respond, but Gaps Remain

The researchers said they notified several major satellite providers about the issue. Some companies, including networks used by T-Mobile, Walmart, and KPU, have since deployed encryption fixes. However, many systems remain unprotected as disclosure efforts continue.

“There is no single stakeholder responsible for encrypting GEO satellite communications,” the team explained, noting the fragmented responsibility across providers.

A key obstacle is cost. Encrypting satellite traffic can increase hardware expenses and reduce network efficiency — especially in remote or emergency networks. Some operators also underestimate the ease of interception, assuming satellites are inherently secure.

Experts recommend using VPNs and end-to-end encrypted apps like Signal or Telegram when relying on satellite internet or messaging systems.

“Encryption should be used at every layer as defense-in-depth protection against individual failures. Treat encryption as mandatory, not an add-on,” the researchers advised.

While the study focused on geosynchronous satellites (GEO), the team noted that low-Earth orbit systems like Starlink appear to use encryption, though they have not yet been independently verified.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.