For three years, security researchers at a pair of universities in the U.S. used an off-the-shelf $800 satellite receiver placed on a university rooftop to collect "samples" of data generated by calls and text messages off of the cellular networks belonging to T-Mobile, AT&T Mexico, and Telmex. Taking the information off of an unencrypted satellite, the researchers were also able to obtain data from Wi-Fi browsing conducted by airline passengers.
Researchers were surprised to find that all of these signals were not encrypted
By pointing the receiver at different satellites, the researchers amassed a treasure trove of data that included communications made by U.S. and Mexican military and law enforcement. This information included sensitive information such as the locations of personnel, equipment, and facilities. The university researchers expected the data to be encrypted and were surprised when they discovered that it wasn't.
"It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted. And just time and time again, every time we found something new, it wasn't. They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security. They just really didn't think anyone would look up."
-Aaron Schulman, UCSD professor, co-leader of the research team
T-Mobile customers will be happy to learn that just weeks after speaking with the researchers, the carrier quickly encrypted the communications data to prevent them from being grabbed by others. But other companies, including firms that own critical infrastructure in the U.S. that the report calls "vulnerable," have not followed T-Mobile in improving the security of their satellite systems.
Anyone can set up a satellite receiver without spending a fortune
The researchers only were able to obtain the signals from satellites they could receive in San Diego which they computed to be 15% of the number of operating satellites. This is a scary number because it would seem to reveal that there is a huge amount of data that can be stolen by bad actors using a simple satellite receiver that costs under $1,000. Anyone who sets up a satellite receiver can pick up signals from satellites being sent to remote cell towers, even those thousands of miles away.
Diagram shows the workings of a carrier's backhaul operations. | Image credit-RFIC Solutions
These towers, located in the desert or areas with a heavy presence of mountains, use satellites to send their signals to and from a carrier's core network. This is the important "backhaul traffic." Those with a satellite receiver can pick up the backhaul traffic meant for the cell towers, and some unencrypted backhaul signals from carriers like T-Mobile, AT&T Mexico, and Telmex were obtained by the researchers.
2,700 phone numbers were obtained by the researches from T-Mobile signals
Cybersecurity expert Matt Green, a computer science professor at Johns Hopkins University, went through the researchers' report and stated, "It's crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Green says. "This paper will fix a very small part of the problem, but I think a lot of it is not going to change." What is even scarier is the following comment made by Green: "I would be shocked if this is something that intelligence agencies of any size are not already exploiting."
Does this article make you worried about the security of your cell calls and texts?
Yes. A small portion of U.S. backhaul traffic was patched.
65.71%
No. No one cares what I have to say or text.
17.14%
I don't know whether I should be scared.
17.14%
In nine hours of recording T-Mobile's backhaul satellite communications from their one dish, the researchers were able to collect 2,700 phone numbers, and all of the calls and texts that they received during that time period. It should be pointed out that the researchers could hear or read only one side of the conversations. Phone calls and messages sent to T-Mobile's remote towers were obtained by the research team while those sent from the towers to the carrier's core network would have required another satellite dish.
Recommended For You
We've told you already that T-Mobile fixed its issue with the unencrypted satellite rather quickly, back in 2024. AT&T blamed a third-party vendor for its problem in Mexico. "A satellite vendor misconfigured a small number of cell towers in a remote region of Mexico," the carrier said. The researchers did say that they did not come across unencrypted Verizon or AT&T U.S. data.
The U.S. National Security Agency issued a security advisory in 2022 alerting others about the lack of encryption in satellite communications. It is assumed that the NSA and other intelligence agencies are already taking advantage of this vulnerability which means that wireless firms using satellites to transmit voice, text, and data should be examining the security of their backhaul if they haven't already.
Travel Easy with Nomad eSIM – 25% Off
25% off eSIM data-only plans & global coverage - enter code IPHONE25, sign up required
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: