While we worry about choose strong passwords and Don’t let the neighbor steal our WiFiit turns out that anyone can capture private data simply by pointing a dish at a satellite. It is not a government conspiracy, it is what some Californian researchers have discovered using a piece of equipment that only costs $800.
What has happened? They count in Wired that several researchers from the universities of California and Maryland have been capturing communications from various satellites for three years. During this time they have collected a huge amount of private data. Among the information collected there is data on calls and messages from users of various operators, the pages visited by airplane passengers who used WiFi on board, communications between different critical infrastructures such as oil platforms or electrical companies and even police and military communications that revealed the position of their equipment.
Why it is important. According to the study’s conclusions, it is estimated that around half of the signal from geostationary satellites carries sensitive information of consumers, companies and also governments. We strive to protect our WiFi networks, our online accounts or mobile devices, but the results of the research make it clear that satellites are a critical element through which data can also be leaked.
A basic equipment. What is striking is that the researchers did not use super complex technology to obtain these findings. They simply placed a satellite dish on the roof of a university building and started pointing it at the satellites. They only invested $800 in the entire equipment. The data they obtained is only from the satellites that they could capture from their position in southern California, which according to their calculations is 15% of the total, so logic leads one to think that the amount of sensitive data will be much larger. In addition, it also shows that anyone could do it from another part of the world.
Operators. The most significant data came from telephone providers, mainly T-Mobile, but also Telmex and AT&T México. In just nine hours of communications logging, researchers were able to collect the phone numbers of more than 2,700 T-Mobile users, as well as text messages and phone calls. After contacting T-Mobile to alert them, the company took steps to encrypt the data. AT&T also fixed this and claimed it was due to a satellite provider failing to configure some towers in a region of Mexico. Telmex has not said anything about it.
Military and police data. That anyone’s data is exposed is already problematic, but that it is data from the army and security forces adds another layer of seriousness. Investigators were able to intercept communications between US military ships and the names of those ships. Since they were in Southern California, they also obtained data from Mexican authorities, including transmissions of confidential information about ongoing operations. “When we started looking at military helicopters, it wasn’t the sheer volume of data that worried us, but rather the extreme sensitivity of that data,” says Aaron Schulman, co-director of the research.
Cybersecurity in space. In August of this same year, researchers found several vulnerabilities which, under certain conditions, could allow remote control of satellites. At the beginning of the Ukrainian war, Russia carried out a cyber attack against ViaSat which affected thousands of users. Cases like these highlight the need to bring the cybersecurity debate to space systems as well and not just terrestrial systems.
Image | SpaceX on Pexels
GIPHY App Key not set. Please check settings