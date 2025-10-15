A new study from the University of California, San Diego (UCSD) and the University of Maryland has uncovered a startling gap in global communications security: roughly half of all geostationary satellite transmissions are unencrypted, leaving a vast array of sensitive data exposed to anyone with basic equipment.

Over three years, the research team used an $800 satellite receiver setup atop a UCSD building to capture data from geosynchronous satellites. What they found was alarming – thousands of T-Mobile users’ phone calls and texts, U.S. and Mexican military communications, critical infrastructure operations, and corporate traffic from banks and energy firms, all transmitted without encryption.

The researchers’ paper, “Don’t Look Up,” will be presented this week at a computing conference in Taiwan. The title is a reference to the 2021 film of that title, but is also a phrase the researchers say describes the apparent cybersecurity strategy of the global satellite communications system. “They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” says Aaron Schulman, a UCSD professor who co-led the research. “They just really didn’t think anyone would look up.”

Among the findings:

Telecom Data: T-Mobile, AT&T Mexico, and Telmex were among carriers transmitting unencrypted backhaul data between remote cell towers and core networks. In one nine-hour sample, the team collected 2,700 T-Mobile phone numbers and portions of users’ calls and texts.

Military and Law Enforcement Communications: The team intercepted unprotected data from U.S. military sea vessels and detailed communications from Mexican law enforcement and defense agencies, including locations and mission details for aircraft and troops.

Critical Infrastructure: Mexico’s state-owned electric utility and other industrial systems were found transmitting internal operational data, like equipment failures and work orders, without encryption.

Corporate and Consumer Data: The team picked up in-flight Wi-Fi data, unencrypted corporate emails, ATM network information, and inventory details from companies including Walmart Mexico and Santander.

Following disclosure, some organizations, including T-Mobile, moved quickly to encrypt affected systems. Others, particularly in critical infrastructure, have been slower to respond.

Experts say the findings underscore a long-standing but underestimated risk. “It’s crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” said Johns Hopkins University professor Matt Green in an article in WIRED. “This paper will fix a very small part of the problem, but I think a lot of it is not going to change.”

The researchers have released an open-source software tool, also called “Don’t Look Up,” to help analyze satellite data and encourage encryption across the industry. They warn that while intelligence agencies have likely exploited these vulnerabilities for years, the accessibility of such tools now means anyone can do the same.

(AI was used in part to facilitate this article.)