The Defense Innovation Unit’s hybrid space architecture project is to link multiple ground communications systems with diverse satellite networks. Credit: DIU

By Tereza Pultarova,
Published by Space.com, 10 November 2025

“It was quite shocking to us.”

Cybersecurity researchers have intercepted vast quantities of private voice calls and text messages, including potentially sensitive communications of government and military officials, transmitted over completely unprotected satellite communication links.

When the researchers decided to put satellite communications under scrutiny, they thought they would find some flaws. What they discovered was much worse than their wildest dreams. Using a commercial off-the-shelf satellite dish mounted on the roof of a university campus in San Diego, they scanned internet traffic routed via 39 geostationary satellites visible from southern California.

They soon realized that sensitive messages including those involving critical infrastructure and internal corporate and government communications were broadcast via those satellites completely unprotected. The experiment could be easily replicated by hackers using commercially available equipment, the researchers warn, saying the results were “as bad as one could hope.”

“A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks,” the researchers wrote in a statement. “This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware.”

It turns out that many of these satellites are using outdated equipment, the researchers say. “Geostationary satellites are a somewhat older technology so our expectation was that they will be using some older, outdated cryptography,” Dave Levin, an associate professor in computer science at the University of Maryland who led the research, told Space.com. “So, we thought we would try to listen and then see whether we could break this cryptography. It turned out we didn’t have to because the cryptography wasn’t used at all in large part.”

Geostationary satellites orbit Earth at a distance of 22,000 miles (36,000 kilometers). At this distance, the orbital velocity of a satellite matches the speed of Earth’s rotation. As a result, the satellite appears suspended above a fixed spot on the equator, having a stable view of a large portion of the globe.

Before the advent of low-Earth-orbit internet-beaming megaconstellations such as SpaceX’s Starlink, geostationary satellites were the dominant solution for satellite communications. They are still widely used today, including for military purposes. The satellites scrutinized in the new study make up only about 15 percent of the world’s entire geostationary fleet, Wenyi “Morty” Zhang, a PhD researcher at the University of California, San Diego, and co-author of the study, told Space.com. He thinks the scope of the problem is likely much worse.

Levin said that what the team found was “as bad as one could hope.” The researchers could listen to private phone calls, read text messages, but also see sensitive traffic transmitted by companies and government and military organizations. Data of passengers using in-flight WIFI provided onboard of commercial airliners were also easily visible.

“There were way more things in the clear than we had anticipated,” Levin added. “Moreover, there were also more sensitive things than we had anticipated.”

Zhang said the transmissions included messages sent by Mexican military and the police, and even some communications by the U.S. Government.

See: Original Article

---