Eavesdropping on Internal Networks via Unencrypted Satellites
Posted2 months agoActive2 months ago
satcom.sysnet.ucsd.eduTechstory
skepticalmixed
Debate
70/100
Satellite CommunicationNetwork SecurityEncryption
Key topics
Satellite Communication
Network Security
Encryption
Researchers highlight the insecurity of unencrypted satellite communications, sparking debate about the novelty and implications of their findings.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
51m
Peak period
21
132-144h
Avg / period
7.7
Comment distribution46 data points
Loading chart...
Based on 46 loaded comments
Key moments
- 01Story posted
Oct 20, 2025 at 6:21 PM EDT
2 months ago
Step 01 - 02First comment
Oct 20, 2025 at 7:12 PM EDT
51m after posting
Step 02 - 03Peak activity
21 comments in 132-144h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 28, 2025 at 4:39 AM EDT
2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45650167Type: storyLast synced: 11/20/2025, 5:30:06 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Maybe and hopefully not known to the staff of those networks (the current staff could be maintaining what somebody else set up) as some of those companies fixed the problem when contacted by the researchers.
For sure not known to me and a lot of other people. I believed that everything in digital streams was encrypted. Ok, those ATM connections are probably tech from the 90s, but they probably had upgrades in part because of regulations. Privacy, security, nothing?
Example: at the largest place I worked (5000 staff, 200 in Dev/QA) I found out by accident that the outsourced devs where using personal laptops when in a sprint meeting I asked where someone was and got back "His work machine died, he's nipped home to get his personal laptop".
That company constantly raved about how good it's security posture was...
I spoke to my oppo number on the IT/platform team and his response was "yeah we know that happens, I've been trying to get them to ban it/make it impossible for a while".
Over the years, I’ve found shockingly bad failures, usually on areas of internal networks where there is ambiguity as to what internal org is responsible. In old companies with data centers and cloud, there’s often pretty bad gaps.
You could be getting listened to from anywhere.
People do this.
You can't assume that the people you pay to handle your traffic are doing it properly. You or I know not to do this, but it looks like we are not running large phone companies.
I’ll let other people comment on the actual novel elements of the research, because those exist too. But I want to point out that some huge portion of the value of public security research is really “intellectual garbage pickup”: calling out bad technical debt that “everyone knew about” and turning it into actionable security upgrades. Security research is a good part of the reason it’s mostly safe to browse the web on public Internet connections, when it wasn’t a decade ago.
PS As someone who is very cynical about security deployment, even I thought cellular network backhauls would all be encrypted as a matter of course by now, at least in the US.
Black Hat, DEF CON etc seem to have a presentation just about every year that can be summarised as “DVB-S is fair game if you have a few hundred bucks and a quiet afternoon.”
Here’s a decent history of the state of play up to 2009. The authors recognised back then that this is already ground well covered.
http://archive.hack.lu/2009/Playing%20with%20SAT%201.2%20-%2...
And more of the same from 2020.
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20M...
Then you’ve got coverage of the cool applications of this property of VSAT hops, such as the Russian intelligence services using it as a malware exfiltration vector.
https://media.kaspersky.com/pdf/SatTurla_Solution_Paper.pdf
I mean another way to put this is: maybe there’s a problem if you can say “there’s loads of previous work” and yet massive and systemic problems still exist. Where that problem is (holistic nature of the research or the disclosure process) is probably something you could drill down into. But you’ve basically admitted the previous research didn’t do the job, so all we’re doing is haggling about the price.
it's a poor metric -- research doesn't exist to drive policy, but it does aid in decision making.
There are global policies around the world that make no damn sense from even a basic scientific understanding, with little to no research done.
If some research is done, a policy maker is pointed at it, and the only response is a shoulder-shrug you don't shit-can the research and do it over -- you appoint vocal political types to campaign on the existing research.
Just to give an example of effective change-driving work: I would argue that persistent efforts via tools like Shodan and Censys have done a huge amount to clean up the Internet, at least as compared to one-off research efforts followed by “appoint activists to do the rest.” The reason is that companies respond to persistent measurement campaigns in a way that they don’t respond to one-off PR dings.
Most of the research you cite is pretty obscure and you’d have to search for it. Most of it didn’t get a lot of follow-up. When some of the firms with unencrypted backhauls were contacted by the current researchers, they didn’t even know that their backhauls were unencrypted. Finding and communicating this stuff, then following up on it relentlessly is the difference between “we knew and nobody did anything” and “it got fixed.”
Also don’t think for a second the vocal political types can do this work without constant communication from researchers who are willing to continue this work over a period of years.
The spacecraft carries a bunch of linear transponders. RF goes in on one frequency, and comes out on another frequency.
The satellite operator leases you space on a transponder with a specified frequency, bandwidth and power limit, that they monitor very closely for compliance to ensure that you aren’t getting more than you paid for and that you aren’t causing interference.
Everything else about the signal from layer 1 upwards, ie the modulation, symbol rate, FEC etc is largely for the customer to choose, though some operators like Intelsat used to be a bit more prescriptive in this respect. None are looking at your protocol stack from L2 upwards.
"Our technical contributions include:
(1) We introduce a new method to self-align a motorized dish to improve signal quality. Specifically, we could receive IP traffic from 14.3% of all global Ku-band satellites from a single location with high signal quality and low error rate.
(2) We developed a general GEO traffic parser that can blindly decode IP packets from seven different protocol stacks that we observed in our scans. Five of these stacks have never been reported in any public research we are aware of."
Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf] - https://news.ycombinator.com/item?id=45575391 - Oct 2025 (138 comments)
The unencrypted transmissions (SMS, phone calls) are much more interesting to listen in on, of course.
Had to look that up.
...and some quote from it:
> One Zignal pamphlet from this year advertises the company’s work with the Israeli military, saying its data analytics platform provides “tactical intelligence” to “operators on the ground” in Gaza. The pamphlet also highlights Zignal’s work with the US Marines and the State Department.
Don't believe me or Jacobin. Verify yourself.
If I found anything on that regard, I'll post them, too.
IDF has massive contracts with american companies to provide AI services for variety of purposes, and confirms its use itself:
https://apnews.com/article/israel-palestinians-ai-technology...
AI lets you do sigint and treat it a lot more like humint. You can e.g. wiretap everybody a suspected terrorist has called in the last year, transcribe all their conversations and pass them through an AI model which flags anything "concerning."
Unlike traditional approaches, AI can distinguish between "bomb" in the context of playing counter strike, discussing a news report and planning an actual terrorist attack.
It can't do anything a human can't do, but it's orders of magnitude cheaper, especially if you can't outsource the human labor due to natsec concerns.
"Due process be damned" is the apparent attitude
Would you mind if one of the 500 was your mother? What if it was you? Would you still be so cavalier?
-- Albert Camus
Contextualized: https://archive.org/details/AlbertCamusArthurGoldhammerAlice...
tl;dr: Satellite TV signals were originally unencrypted and one would watch TV for free with a suitable receiver, but the broadcasters didn't like that, resulting in them eventually being encrypted.