CYBERSECURITYThe Sky is Full of Secrets: Glaring Vulnerabilities Discovered in Satellite Communications

Published 19 January 2026

With $800 of off-the-shelf equipment and months worth of patience, a team of U.S. computer scientists set out to find out how well geostationary satellite communications are encrypted. And what they found was shocking.

With $800 of off-the-shelf equipment and months worth of patience, a team of U.S. computer scientists set out to find out how well geostationary satellite communications are encrypted. And what they found was shocking. 

Close to half of the communications beamed from satellites to the ground that the researchers were able to listen in on were not encrypted. This included sensitive data including cellular text messages, voice calls, as well as sensitive military information, data from internal corporate and bank networks, and the in-flight online activity of airline passengers. 

The research team, led by Aaron Schulman and Nadia Heninger, two computer science professors at the University of California San Diego, then set out to find out which companies and government agencies were failing to encrypt data in order to contact them and disclose the vulnerabilities.

In this study, researchers focused on geosynchronous (GEO) satellites, which orbit the Earth at a fixed altitude and position around the equator. 

“Given that any individual with a clear view of the sky and $800 can set up their own GEO interception station from Earth, one would expect that GEO satellite links carrying sensitive commercial and government network traffic would use standardized link and/or network layer encryption to prevent eavesdroppers,” the researchers write in a paper presented in October at the CCS 2025 conference in Taiwan.

“There has been a concerted effort over the past two decades to encrypt Web traffic because of widespread concern about government eavesdropping through tapping fiber-optic cables or placing equipment in Internet exchange points; it is shocking to discover that this traffic may simply be broadcast to a continent-sized satellite footprint,” the researchers also write. 

In several cases, the researchers’ findings led to immediate action. The team disclosed to T-Mobile that some of their satellite traffic was unencrypted and left text messages, user Internet traffic and the content of voice calls vulnerable to eavesdropping. The company then quickly enabled encryption. Other organizations including Walmart and KPU Telecom have also enabled encryption in response to the researchers’ findings.