Skip to main content
CybersecurityInfrastructure

Satellite Traffic: Exclusive, Dangerous Unencrypted Gaps

A dimly lit satellite dish on a rooftop points towards the sky amidst a dark cityscape with towering skyscrapers and neon…

“Who’s listening?” It used to be a rhetorical question fit for spy novels. Now, with a modest satellite dish and a few hundred dollars of consumer radio gear, the answer is unnervingly practical: almost anyone who cares to point it skyward. That is the blunt discovery of a recent public study of geostationary satellite communications — a study described by security expert Bruce Schneier as “the most comprehensive public study to date” — which found vast amounts of sensitive traffic being transmitted in the clear and therefore trivially collectible by passive observers.

To appreciate the scale of the problem, a brief primer helps. Geostationary satellites hover roughly 36,000 kilometers above the equator and appear fixed over the same point on Earth; that makes them ideal relays for television, maritime and aeronautical communications, and network backhaul for remote or moving platforms. Each satellite carries multiple transponders, and a single transponder’s footprint can blanket up to 40% of the planet — meaning a single transponder can expose traffic from millions of endpoints to anyone standing in the right place with the right antenna. The recent study used off‑the‑shelf hardware and publicly shared methods to show just how easily an observer can intercept these signals.

The content intercepted is not, as one might hope, only obsolete test patterns or weather maps. Researchers documented clear‑text voice calls and SMS, in‑flight Wi‑Fi and mobile backhaul traffic, corporate and government internal communications, and even streams connected to critical infrastructure. The implications range from embarrassment to real-world danger: exposed login credentials or telemetry can enable account takeover, targeted espionage, or—even worse—planning for sabotage. The passive nature of satellite eavesdropping makes it attractive to adversaries because it leaves little trace.

Why does so much traffic travel unencrypted across such exposed channels? The answers are practical and institutional as much as technical:

/

Legacy systems — satellites and ground terminals are long‑lived. Many were designed before ubiquitous, low‑cost encryption was available and are costly or infeasible to retrofit.

/

Operational models — broadcast and multicast uses complicate key distribution and access management; encryption can be operationally awkward where many recipients need simultaneous access.

/

Cost and performance concerns — operators worry that encryption will add overhead, increase latency, or raise costs on bandwidth‑constrained links.

/

Regulatory and procurement gaps — contracts and regulations have not always required modern cryptographic protections, and some authorities resist blanket mandates because of lawful‑interception and interoperability concerns.

Technically, securing these links is far from a mystery. End‑to‑end encryption protocols, link‑layer security, authenticated tunneling, and modern key‑management frameworks can and do work over satellite links when implemented carefully for the constraints of delay, jitter, and terminal heterogeneity. The study’s authors and subsequent commentators note that many mitigations are already available: make encryption the default for new services, publish satellite‑specific key‑management best practices, incentivize upgrades for operators carrying critical traffic, and require transparency about what classes of traffic remain unencrypted and why. These are practical, incremental fixes that reduce risk without breaking legitimate uses.

Still, several obstacles slow adoption. Replacing satellites or retrofitting large fleets of ground terminals is expensive and logistically complex. Commercial pressures push operators to prioritize capacity and uptime over security upgrades. And policy tradeoffs are thorny: public‑safety broadcasts, multinational coalition communications, and lawful‑access requirements complicate any one‑size‑fits‑all mandate. Policy makers must balance privacy and security against operational needs and law‑enforcement requirements — a delicate negotiation that, in practice, often produces compromise and delay.

Different stakeholders view the danger from distinct vantage points. Technologists emphasize that the vulnerability is remediable: modern cryptography and better design can bring satellite links in line with terrestrial best practices. Operators warn that cost, logistics, and the need for interoperability make immediate wholesale changes unrealistic. Policymakers and regulators must decide whether to nudge, mandate, or subsidize upgrades — and how to preserve lawful access where needed without leaving broad, passive surveillance windows open. Users—airline passengers, energy operators, and ordinary citizens—are mostly unaware of the channels carrying their voice calls, messages, and browser traffic and therefore cannot make informed choices about risk. Adversaries, including nation‑state actors and criminal groups, see passive, untraceable collection as an attractive low‑risk intelligence source.

The human dimension is worth underscoring. Technical fixes will protect data in transit, but procurement practices, industry norms, and regulatory requirements must change too. As Bruce Schneier summarized the practical demonstration: the data “can be passively observed by anyone with a few hundred dollars of consumer‑grade hardware.” That directness removes deniability about the problem’s seriousness.

What should be done, practically? The study and expert commentary point to a layered response:

/

Require encryption by default for new transponder bookings and for services that carry sensitive or personal data.

/

Develop and adopt satellite‑specific standards for key management, multicast encryption, and authenticated access so that operators aren’t inventing ad‑hoc, error‑prone solutions.

/ /

Offer incentives — subsidies, tax credits, or co‑funded modernization programs — for operators who upgrade critical‑service links, recognizing the public‑good nature of secure communications.

/

Mandate transparency so customers and regulators can see what remains unencrypted and why, enabling risk‑based decisions and targeted oversight.

These are not radical prescriptions. They are risk management applied to a medium that, for decades, has been treated as special. That special treatment once made sense; satellites provided connectivity where none existed, and interoperability often trumped confidentiality. The world has changed: satellite links carry the same sensitive business and personal traffic that terrestrial networks carry, and the expectation of reasonable privacy and operational security should follow the traffic.

For readers wondering whether this is imminent danger or theoretical worry: the study’s demonstration was public, repeatable, and inexpensive. That combination elevates the issue from an academic concern to an operational one. Left unattended, the same channels that help ships, planes, and remote communities stay connected could also feed persistent surveillance and targeted disruption. The choice before industry and government is straightforward in concept, messy in execution: modernize, encrypt, and manage keys — or accept that a lot of the world’s communications will remain listenable to anyone who points an antenna and listens.

And so the question returns to us, but now laden with urgency: when so much of modern life rides across channels anyone can eavesdrop, will we treat that as an accident of history or a fixable design flaw that demands action? The cost of delay is not merely lost privacy — it is the growing opportunity for misuse and harm. The path forward is known; whether we take it soon enough is the question that remains.

Source: https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satellite-traffic-is-unencrypted.html