Skip to main content
CybersecurityPrivacy & Surveillance

Satellite Traffic: Stunningly Vulnerable and Unencrypted

Satellite Traffic: Stunningly Vulnerable and Unencrypted

<p“Who is listening?” It is no longer a rhetorical flourish — it is a practical question that can be answered with a cheap antenna and a weekend’s curiosity.

Point a few hundred dollars’ worth of off‑the‑shelf satellite gear at the sky and you can, according to the public study summarized by security expert Bruce Schneier, passively collect vast troves of geostationary satellite traffic that are being broadcast in the clear. “That data can be passively observed by anyone with a few hundred dollars of consumer‑grade hardware,” Schneier writes, after researchers used a commercial‑off‑the‑shelf dish and publicly shared methods to perform what he called “the most comprehensive public study to date” of geostationary satellite communications .

That finding is the kind of slow, disorienting revelation that sits half in the technical world and half in everyday life. These satellites — orbiting roughly 36,000 kilometers above the equator and appearing fixed to observers on the ground — carry television, maritime and aeronautical links, and network backhaul for remote and moving platforms. Each satellite contains multiple transponders; a single transponder’s footprint can cover an area as large as 40% of the Earth’s surface, meaning signals sent without robust protection can be received over continents and oceans alike .

What the researchers actually found is both mundane and alarming. Unencrypted traffic included:

/

Private voice calls and SMS relayed over satellite links, exposing personal communications.

/

Passenger Internet from in‑flight Wi‑Fi and mobile‑operator backhaul, carrying browsing activity, login attempts and app traffic.

/

Internal corporate and government communications — email, file transfers and operational traffic — traversing links with little or no cryptographic protection.

/

Streams tied to critical infrastructure where confidentiality and integrity have direct safety implications.

Those are not hypothetical categories. The study’s documented mix turned the old notion of satellite broadcasting — a relic of television‑era openness — into a modern surveillance vector that adversaries or curious researchers can exploit with minimal cost and zero interaction with the victim. The passive nature of collection makes it attractive to intelligence services, criminals and opportunistic actors because, as the researchers note, it leaves little trace .

Why does this remain true in 2025? The short answer: technological inertia, operational choices, and institutional incentives. Satellites and ground terminals are long‑lived. Many systems were designed when encryption was costly or logistically difficult; replacing or retrofitting them is expensive and slow. Some services — broadcast and multicast — historically prioritized wide accessibility over secrecy, and operators worry that encryption will add overhead, complicate distribution and increase costs on already bandwidth‑constrained links. Finally, procurement and regulatory frameworks have not consistently required modern cryptographic protections, and some national security and law‑enforcement stakeholders resist blanket mandates that could complicate lawful access .

Technologists respond with a familiar refrain: the fixes exist. End‑to‑end encryption, link‑layer security, authenticated tunneling and modern key‑management schemes work over satellite links. When designed with satellite constraints in mind, encryption need not produce “catastrophic performance penalties.” The practical steps urged by experts include making encryption the default for new services, publishing standards and best practices for key management tailored to satellite use cases, and subsidizing or incentivizing upgrades for operators that serve critical infrastructure or high‑risk customers .

But the policy and operational tradeoffs are real. Aviation telemetry, multinational coalition communications and some public‑safety broadcasts require careful key management and distribution. Forcing blanket encryption without workable means for authorized access and interoperability could create its own hazards. Governments must balance privacy and resilience against legitimate law‑enforcement and national‑security needs — a balance that rarely satisfies all stakeholders and is complicated further by global supply chains and cross‑border satellite footprints.

From the user’s perspective the danger is immediate and familiar: an exposed login from an aircraft, a leaked destination or browsing session, or intercepted SMS could lead to identity theft, account takeover or reputational harm. For corporations and agencies, the stakes escalate: unprotected operational commands, telemetry or file transfers can be harvested to plan disruption, target industrial control systems, or facilitate supply‑chain attacks. From an adversary’s point of view, the channel is a low‑risk, high‑yield intelligence source — passive collection leaves scarce forensic evidence.

Industry has started to move. Some operators are adding encrypted payloads, managed key distribution, and hardened terminals, and regional bodies and security groups have urged better risk management. Still, replacing satellites or upgrading distributed ground infrastructure takes money and time; commercial pressures and fragmented regulation slow progress. The study’s authors and commentators recommend transparency reporting about what traffic remains unencrypted and why, combined with targeted policy measures to incentivize upgrades for the most critical users and services .

There is also a practical, short‑term playbook for risk reduction that does not require sending rockets back to the launch pad. Operators can begin by making encryption the default for new transponder bookings and services, adopting interoperable cryptographic standards, and improving key management for multicast and broadcast workflows. Regulators can require disclosure of unencrypted traffic classes so customers know what they are buying. And customers — airlines, utilities, governments — should demand contractual protections, audited configurations and defense‑in‑depth architectures that assume the link may be observed.

Those steps are sensible, but they are not politically or economically frictionless. Who pays for upgrades? How do multinational operators reconcile differing national rules on interception and lawful access? How do emergency services maintain interoperability in crises? These are thorny governance questions that will require technical pragmatism and diplomatic craftsmanship.

In the end, the study’s blunt message is about choice and default. When sensitive traffic travels in the clear across systems designed for openness, it is not fate — it is policy and procurement, habit and budget. The safer path is clear: treat satellite links as potentially observable and protect them accordingly. The slower path is to accept convenience today and pay for exposures tomorrow.

So here is the question that remains: in a world where a few hundred dollars and basic radio gear can turn the sky into a listening post, who will step forward to close the windows that still remain open — and how long will we accept the risk that someone else already has?

Source: https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satellite-traffic-is-unencrypted.html