When a £500 Satellite Dish Can Hear Your Army, Your Bank, and Your Nan
There’s something wonderfully comforting about space. The vastness. The stars. The crushing existential reminder that one day all this will end, and none of your unread Slack threads will matter. And of course, the satellites, those sophisticated metal darlings we’ve lobbed into orbit to beam encrypted packets of civilisation across the globe. Highly secure. Highly advanced. Highly... broadcasting military telemetry, corporate emails, power-grid repairs, law enforcement records, and live voice calls in clear text, audible to anyone with a £500 satellite dish and a resolute refusal to make weekend plans.
Yes. Satellites, the icons of the future, the proud backbone of global communications, have been found behaving like a senile grandmother shouting her bank PIN through a megaphone in a Tesco car park.
According to a new study (Zhang et al., 2025), roughly half of all GEO satellite IP links are broadcasting internal communications without any encryption at all. That’s not a minority. That’s not a rounding error. That is a cosmic, shimmering, catastrophic you-had-one-job.
Welcome to the orbital clown show. Let us begin.
Telnet, But Make It Cosmic
There’s a special kind of schadenfreude that comes from discovering that the very same infrastructure connecting military vessels, government agencies, and multinational corporations to their global networks is, in practice, less secure than your neighbour’s 2005 Wi-Fi password, the public hotspot at Gatwick Airport, and most toddlers’ understanding of online safety.
Satellites! The glamorous, mysterious objects we point at in spy movies whenever someone wants to appear technologically competent. Turns out many of them are effectively screaming: Hello world! Here is today's banking traffic. Also some military location data.
Because while satellite TV has been encrypted since the era when hair gel was socially acceptable, corporate and government IP links apparently missed the memo. Encryption is supported, yes. Built in, even. Offered as a feature. Included. Optional. Lovely. But actually enabled? Not so much.
Based on the study’s findings, operators appear to treat satellite links as internal private networks, which is an adorable assumption, if catastrophically misguided. Satellite links are broadcast links. You know. Like radio. The thing everyone can listen to. It’s like assuming your internal office gossip is safe because you whisper it loudly into a stadium public announcement system. Bless.
A Brief, Depressing History of Satellite Communications
To understand just how badly this whole situation has gone off the rails, it’s worth revisiting what satellite communication was meant to be. In the beginning, satellites were supposed to embody technological majesty: vast metal arcs floating serenely in geostationary orbit, beaming global connectivity with all the competence and dignity of a seasoned air-traffic controller. The idea was simple enough. Park your spacecraft 35,786 kilometres above the equator, match the Earth's rotation, and enjoy an uninterrupted view of half a continent. From this regal vantage point, each GEO satellite would act as a stable, dependable relay node for important things like telecom infrastructure, remote connectivity, and of course, hundreds of channels of reality television.
This, at least in theory, was a triumph of engineering. In practice, it has aged about as gracefully as a Windows 95 tower left in a damp garage. The modern GEO ecosystem is a strange museum of legacy equipment, idiosyncratic configurations, eccentric operating assumptions, and the general air of “if it ain’t broke, don’t touch it, and if it is broke, pretend it’s fine because launching another satellite costs money.” Many operators still behave as though their orbiting hardware exists in some private, hermetically sealed network bubble, immune to the laws of physics and radio. Never mind that radio waves, by their very nature, are broadcast indiscriminately to every square metre of a footprint roughly the size of Australia. No, to them, it’s all basically an extension cable. A really, really long one.
Meanwhile, the researchers in the study went out and did something unbelievably reckless: they bought consumer hardware. No military dish the size of a lorry. No Cold War-era intelligence complex. Just a modest reflector, a second-hand tuner card, a budget motor mount, and presumably a trip to the hardware aisle for cable ties. With this frankly insulting amount of equipment, they managed to scan thirty-nine different satellites and poke around 411 Ku-band transponders as if they were rifling through drawers in a poorly guarded filing cabinet.
What they found was a wonderfully tragic time capsule. The protocols they encountered ranged from venerably ancient to aggressively proprietary. Some satellites used established, documented standards. Others used standards that once had documentation but appear to have lost it sometime around 2007. A few, it seems, had documentation that was written by someone who truly believed mixing endianness and ad-hoc encapsulation methods was a perfectly rational engineering decision. In one transponder, the researchers discovered that all the data words had been arbitrarily byte-swapped, a kind of cosmic practical joke masquerading as a design feature.
And rather than presenting an insurmountable challenge, this mess merely encouraged the researchers to expand their Franken-decoder until it could handle legacy MPEG transport streams, modern DVB-S2 variants, and all the undocumented gremlins in between. What should have been a robust, tightly regulated communication architecture instead turned out to be a patchwork of historical accidents, vendor eccentricities, and operator shortcuts, all duct-taped together with the unwavering confidence that “no one would ever look too closely.”
In short, the history of satellite communications isn’t a tale of technological grandeur. It’s a tale of ambitious beginnings, followed by decades of improvisation, complacency, and occasionally baffling design choices that no one has dared question because the equipment is 36,000 kilometres away and difficult to replace. And now, armed with nothing more than consumer electronics and an afternoon of determination, a group of researchers has revealed just how transparent this orbital illusion truly is.
Meanwhile in LEO: Starlink Keeps Flinging Itself Into the Atmosphere
While the GEO satellites creak along like ageing infrastructure held together with duct tape and institutional denial, their younger cousins in low Earth orbit are busy reenacting the world’s most expensive game of self-immolation. Starlink, in particular, has adopted a refresh cycle so enthusiastic that half its fleet seems to spend more time falling out of orbit than staying in it. One minute they’re proudly providing high-speed broadband to remote provinces; the next they’re blazing across the sky like a celestial farewell gesture.
In theory, this relentless churn is a feature. Planned obsolescence, they call it. “Sustainable satellite architecture,” if you believe the marketing. “We totally meant for it to burn up,” if you don’t. The result is a constellation whose turnover rate would make even a fast-food chain’s HR department sweat. There are more replacement Starlinks going up than complaints about them cluttering the night sky, and that’s saying something.
And yet, for all this activity, LEO networks are not the ones laying bare the world’s digital underwear drawer. No, that honour goes to the venerable GEO fleet, the stately, geostationary grandees plodding along above the equator, ferrying phone calls, surveillance data, banking traffic and the occasional unencrypted military secret. While Starlink burns brightly and dies young, the old guard remains fixed in orbit, unblinkingly broadcasting sensitive information across entire continents. The contrast between the two generations of satellites is rather poetic: the young throw themselves into the atmosphere with reckless abandon, while the old quietly give away government intelligence like they’re gossiping over a garden fence.
What Happens When You Point a Dish at the Sky and Press “Scan”
There is a certain thrill in discovering that high-level espionage, the kind people write spy thrillers about, can now be replicated in one’s back garden with the sort of equipment you could purchase using leftover Christmas money. The researchers behind this study did not so much embark on a grand intelligence operation as they did a casual weekend project. One imagines them wandering outside with a mug of tea, bolting a modest dish to a motor mount, and casually dismantling the secrecy of a dozen industries.
The process sounds suspiciously simple. Aim the dish upward. Let the motor do its slow, sweeping dance across the Clarke Belt. Keep an eye on the tuner card, as it dutifully attempts to interpret whatever celestial gibberish it encounters. Occasionally adjust the system when a satellite refuses to sit neatly in its orbital slot, like a moody cat refusing to stay on a windowsill. And that’s it. With this almost offensively inexpensive rig, the researchers effectively tapped into the largest open broadcast ecosystem in human history.
Of course, the real work begins once the signals start pouring in. What should have been a consistent, predictable data landscape rapidly reveals itself to be a labyrinth of incompatible standards and vendor-specific whims. Some satellites obediently follow DVB-S2 conventions. Others cling stubbornly to legacy MPEG transport streams as if fearful of change. A few seem to have invented their own protocols entirely, possibly over drinks. By the time the researchers encountered a transponder whose creators had decided, for reasons known only to them, to arbitrarily swap the byte order of every 16-bit word, the mission had drifted from engineering into anthropology.
Yet every bizarre hurdle only encouraged the researchers to extend their homebrewed decoding monster further, until it could digest almost anything thrown at it. In the end, what began as a simple scan turned into a kind of archaeological dig through the sedimentary layers of satellite engineering decisions, each more unhinged than the last, ultimately revealing the quite miraculous fact that the whole system functions at all.
The Horror Show of Cleartext Space Traffic
The revelation that satellites are spilling secrets is shocking enough. The revelation of which secrets they are spilling is something else entirely. What the researchers uncovered was less a trickle of incidental leakage and more a burst pipe of unencrypted absurdity, gushing out across a footprint that covers large swathes of North America and beyond.
Telecom operators were among the most enthusiastic contributors to the catastrophe. T-Mobile, for example, kindly provided an entire buffet of plaintext delights: SIP messages, RTP audio streams, unencrypted SMS traffic, and thousands of metadata records politely revealing user behaviours. AT&T Mexico put in a similarly generous effort, proudly emitting S1 signalling, NBAP control traffic, encryption keys, and enough identifying information to make any intelligence analyst weep with gratitude.
Voice-over-IP systems, meanwhile, were practically screaming into the void. TelMex alone accounted for hundreds of live calls being transmitted in the clear. Conversations, caller IDs, set-up protocols, all drifting across the airwaves like confetti tossed from a parade float. Other telecoms showed similar disregard for privacy, casually sharing DNS traffic, device identifiers, and the various behind-the-scenes mutterings of their infrastructure.
Then, as if telecommunications weren’t enough, the researchers stumbled upon government and military traffic so exposed it might as well have worn a neon sign saying “Free secrets here.” US military vessels transmitted SIP traffic, DNS queries, SNMP data, and enough operational metadata to track ships with unsettling precision. The Mexican government contributed fully unencrypted web applications, tactical logs, surveillance data, and sensitive internal documents transmitting in cheerful HTTP, as though oblivious to the idea that the radio spectrum is not a private diary.
Even the corporate world joined in. Walmart Mexico obligingly broadcast Telnet logins, the digital equivalent of leaving your house keys in the front door, along with internal email, FTP transfers, inventory systems, store operations data, and various Windows networking artefacts that paint a detailed portrait of their internal systems. Banks chimed in with LDAP authentication traffic, ATM metadata, and internal certificate information. It was a veritable potluck of operational negligence.
By the time the researchers finished cataloguing the trove, the picture was unmistakable: half the things travelling through the sky should never have been allowed to leave the ground.
Encryption: The Feature Nobody Wanted
One might reasonably assume that the solution to all this is fairly straightforward: encrypt the data. And indeed, satellite system vendors have spent years politely offering encryption options, bundling them neatly into their equipment like complimentary biscuits in a hotel room. Every major provider, Gilat, Hughes, iDirect, Viasat, and others, has repeatedly stated, often with admirable patience, that encryption is available, it is supported, and it is very easy to use.
Unfortunately, operators have responded with all the enthusiasm of a teenager being asked to tidy their room. Encryption, after all, consumes bandwidth. It complicates configurations. It requires occasional human attention. And most importantly, turning it on acknowledges the uncomfortable truth that satellites are not internal networks but enormous floating broadcast towers blasting data indiscriminately across vast territories.
Instead, many operators have adopted the far simpler approach of denial. Some assume nobody will bother to look. Others assume that proprietary protocols or obscure encapsulation schemes count as security. A few cling to ageing equipment that technically supports encryption but only after a firmware update rumoured to cause mild inconvenience.
Thus, encryption remains the lonely, unappreciated safety feature of the satellite world, forever promised, rarely implemented, and now thoroughly missed.
Didn’t People Hack Satellites Before? Yes, But Not Like This.
People have been poking at satellite systems for decades, but the scale and accessibility of this study represent something entirely new. Previous efforts, whether academic explorations of maritime traffic or the occasional DEF CON challenge, were narrow in scope and reliant on specialist equipment. The barrier to entry was high enough that most organisations could pretend the threat was theoretical.
This new work obliterates that defence. The researchers demonstrated that with nothing more than consumer hardware and perseverance, one can inspect large swathes of the GEO ecosystem, an ecosystem previously assumed too vast, too complex, or too obscure to be meaningfully surveyed. The findings show not isolated weaknesses but systemic negligence across dozens of industries. What once required intelligence-agency resources can now be reproduced by hobbyists who remember to water their houseplants.
The result is an uncomfortable truth: it’s not that satellites have just become insecure. It’s that their insecurity has finally become impossible to ignore.
Why This Actually Matters (Besides Being Hilarious)
While it is admittedly darkly entertaining to discover that multinational companies, government agencies, and military assets are all shouting their internal communications into space, there is a deeply serious side to this fiasco. Unencrypted satellite links open the door to espionage at a scale that would make Cold War intelligence officers foam at the mouth. Organised crime groups no longer need to break into bank networks; they can simply listen. State actors need not deploy complex interception satellites; they need only wait patiently on the ground with a dish. Even casual opportunists could build detailed profiles of individuals simply by monitoring call metadata and browsing habits.
Beyond privacy concerns, there is the matter of critical infrastructure. Power grids, navigation networks, emergency services, and supply chains rely heavily on satellite connectivity. When their communications wander around unencrypted, the risk extends far beyond embarrassment. It becomes a national security concern, a public safety issue, and a potential vector for large-scale disruption.
The tragic comedy of all this is that none of it needed to happen. Encryption is readily available. The technical barriers are low. What’s missing is the industry’s collective willingness to behave like it’s no longer 1997.
Fixing the Sky (Or: Deploying Encryption Like It’s a New Idea)
Repairing this cosmic privacy disaster does not require reinventing satellite communication. It merely requires operators to do the absolute bare minimum. The first step, shockingly enough, is to enable encryption. Turn it on. Leave it on. Resist the temptation to turn it off because the throughput drops by a percentage point. After that, it helps to retire equipment whose firmware predates most modern cybersecurity principles. Auditing satellite links as though they were public networks, because they are, would also be revolutionary.
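One way to audit a link "as though it were a public network" is to check what an operator's own traffic looks like just before it reaches the satellite modem. The sketch below is an added example, not code from the study or from any vendor: it labels the first payload bytes of each flow as readable or opaque, using fingerprints for protocols named earlier in this article. The flow names, hosts and payloads are constructed, and the entropy threshold is an assumed heuristic.

```python
import hashlib
import math
from collections import Counter

# Text-protocol fingerprints, limited to protocols the article reports in the clear.
SIGNATURES = [
    ("HTTP", (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"HTTP/1.")),
    ("SIP", (b"INVITE ", b"REGISTER ", b"BYE ", b"SIP/2.0")),
    ("FTP", (b"USER ", b"PASS ")),  # POP3 shares these verbs; still a cleartext login
]

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(payload: bytes) -> str:
    """Label the first payload bytes of a flow captured on the modem's LAN side."""
    n = len(payload)
    # TLS record header: content type 20..23, then version 0x03 0x00..0x04.
    if n >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3 and payload[2] <= 4:
        return "encrypted:TLS"
    # Telnet option negotiation: IAC (0xFF) followed by WILL/WONT/DO/DONT (251..254).
    if n >= 3 and payload[0] == 0xFF and 251 <= payload[1] <= 254:
        return "cleartext:Telnet"
    for name, prefixes in SIGNATURES:
        if payload.startswith(prefixes):
            return f"cleartext:{name}"
    if n < 16:
        return "unknown:too-short"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload) / n
    if printable > 0.9:
        return "cleartext:text"
    # Assumed heuristic: ciphertext sits near the entropy ceiling for its length.
    # Compressed data does too, so "opaque" means unreadable, not proven encrypted.
    if shannon_entropy(payload) >= 0.9 * math.log2(min(n, 256)):
        return "opaque:high-entropy"
    return "suspect:low-entropy-binary"

def audit(flows):
    """Return (flow_id, verdict) for each flow a listener in the footprint could read."""
    return [(fid, v) for fid, p in flows
            if (v := classify(p)).startswith(("cleartext", "suspect"))]

# Constructed sample payloads (not captured traffic); hosts and names are made up.
RANDOM_512 = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
SAMPLE_FLOWS = [
    ("pos-web", b"GET /inventory HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("voip", b"INVITE sip:1001@pbx.example SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.0.5\r\n"),
    ("router-mgmt", b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23"),
    ("backup", b"USER backup\r\n"),
    ("telemetry", b"site=0417 pump=3 status=OPEN pressure=2.1bar\n"),
    ("portal", b"\x16\x03\x01\x02\x00" + RANDOM_512),
    ("ipsec-tunnel", RANDOM_512),
]

if __name__ == "__main__":
    for flow_id, verdict in audit(SAMPLE_FLOWS):
        print(f"{flow_id}: {verdict}")
```

Any flow this reports is readable across the whole footprint unless the modem's link-layer encryption is switched on, which is the setting the paragraph above asks operators to enable.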
A world where satellites no longer whisper secrets across a forty-million-square-kilometre footprint is entirely achievable. It simply requires acknowledging that obscurity is not security and that hiding behind old protocols is not a strategy but a confession of negligence.
Until then, the sky will remain the world’s largest accidental broadcast station, replaying sensitive traffic to anyone with curiosity and a dish.
References:
Zhang, W.M., Dai, A., Ryan, K., Levin, D., Heninger, N. and Schulman, A. (2025) Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites. In: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (CCS ’25), Taipei, Taiwan. New York: ACM Press. Available at: https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf (Accessed: 17 November 2025).
Pavur, J., Moser, D., Strohmeier, M., Lenders, V. and Martinovic, I. (2020) A Tale of Sea and Sky: On the Security of Maritime VSAT Communications. In: IEEE Symposium on Security and Privacy, pp. 1006–1022. Available at: https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00056 (Accessed: 17 November 2025).
DEF CON (Various years) Hack-A-Sat Competition Materials. Available at: https://www.hackasat.com (Accessed: 17 November 2025).
Lin, M., Cheng, M., Luo, D. and Chen, Y. (2023) ‘CLExtract: Recovering Highly Corrupted DVB/GSE Satellite Stream with Contrastive Learning’, ArXiv:2310.08210. Available at: https://doi.org/10.48550/arXiv.2310.08210 (Accessed: 17 November 2025).