amalia4d ago
Andy Greenberg
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: 🧵👇https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

WIRED
Oct 14 at 1:13amWeb
Show threadAndy Greenberg4d ago
Their study, out today, reveals that roughly half of geostationary satellite communications they monitored were unencrypted. A flood of secrets pouring down from space, available to anyone with an $800 receiver setup. (And there's no doubt spy agencies have been listening, too.)
Show threadAndy Greenberg4d ago
Most striking to me was that the data included phone calls and text messages from several US and Mexican phone carriers. Remote cell towers connect to core carrier networks via satellite, relaying conversations via space—sometimes with no encryption.
Show threadAndy Greenberg4d ago
But some of the data the researchers found was even more sensitive: US and Mexican military and law enforcement communications that revealed the locations of personnel, equipment, and facilities. Industrial control system communications to power grids and offshore oil and gas.
Show threadAndy Greenberg4d ago
A lot of this data, such as the T-Mobile leak, is now encrypted thanks to the researchers' work. But all of it was obtained from a single dish on the roof of a building in San Diego. These findings are based on just 15% of geostationary satellite signals over the US and Mexico.
Show threadAndy Greenberg4d ago

That means a dish in a different place would pick up entirely different data. Probably an entirely different stream of unencrypted secrets.

As @mattblaze told me:

Show threadAndy Greenberg4d ago
Read our full story here: https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

WIRED
Show threadFaraiwe4d ago
@agreenberg unless it's TACLAN over NIPR sat, or SIPR, everything NIPR by sat is unencrypted by default. They can add encryption to messages/email, but the regular traffic is just the same as any large corporation.
Show threadMugita Sokio4d ago

@faraiwe

I personally think that, from this summary, since this is Starlink partnering with a German telecom giant (T-Mobile the American arm of Deutcshe Telecom in my eyes), that nonsense in unencrypted intentionally, and they may not want it turned on for "security reasons" or some nonsense like that.

This means that you have to encrypt that stuff yourself using software already available. Better yet, encrypt your sensitive stuff before it gets sent.

Show threadCharlie4d ago

@msokiovt @faraiwe

That's a cool article! Kudos to T-Mobile for patching their shit when they were informed of the issue.

Also yes Mugita; T-Mobile is owned by Deutsche Telekom. That's no secret.

Additionally, they talk heavily of public-access phone calls and text messages; both of which are transmitted on the public teleco network. Again it's no secret that phone calls and SMS messages lack proper security; they have lacked proper security since the 1980's and I don't foresee them changing their policies anytime in the future.

Take cell phones for example; they usually use encryption to connect to the tower, but will gladly connect to an unencrypted node with not even a notification to the user.

Intentional or not; malicious or not; just never trust third party vendors to keep your data safe. Only rely on public/private keys that you personally control. This is why I publish my public GPG keys just in the off chance someone opts to message me actually securely.

Oh yeah, and my phone does not contain my private GPG keys, because mobile phones are inherently insecure.

Show threadlarge kira model4d ago
@agreenberg lmao
Show threadAdam Shostack  4d ago
@agreenberg Anyone have a summary of what’s new/How does this differ from https://www.pcmag.com/news/sensitive-satellite-internet-data-is-easily-accessible ?
Sensitive Satellite Internet Data Is Easily Accessible, If You Know Where to Look

At Black Hat, an Oxford University student outlines how his team intercepted unencrypted satellite internet data across a 'massive attack area' from government agencies, major shipping companies, Greek billionaires, and more.

Show threadAnne Ominous4d ago

@adamshostack @agreenberg

from only a CURSORY look at that article you posted, and the one posted by greenberg..

i would say this is the major difference, tho both studies came to similar conclusions:

the Oxford team focused on 18 satellites, and what they were broadcasting,

while this new study has used a satellite dish to pick up ANY communications from transmitting satellites that were passing over their dish

*this is just my own assumption - feel free to correct me if i'm wrong

Show threadJuli Jane3d ago

@rustoleumlove
Nope. The article says this new research was also targeting geosynchronous satellites.

"[...] communications of geosynchronous satellites in the small band of space visible from their Southern California vantage point. By simply pointing their dish at different satellites [...]"

@adamshostack

Show threadqurlyjoe4d ago
@agreenberg
Gotta wonder how many Pete Hegseth texts and calls they could pick up?
Show threadAnne Ominous4d ago

@agreenberg

getting a flashback

to that scene in Heat

where the guy is proposing the massive bank heist where the thieves will score millions ...
and de niro is like where did you get this information?!

and the dude replies something like: 'it's just beamed thru the air, all you have to do is grab it'

🤣 😩 🤣

(it never fails to amaze me that art is absolutely prescient but NO ONE LEARNS from it)

Show threadFurbland's Very Cool Mastodonâ„¢4d ago
@agreenberg crazy stuff happening at dunkeltaler
Show threadprivacy_guru4d ago
@agreenberg @st1nger This is why encrypting your communications with 3rd party tools is so important. You can't always trust the privacy and security claims of the companies in charge of the infrastructure.
Show threadAngela Scholder4d ago
@agreenberg Wow!
Show threadJohn Cormier 🇨🇦4d ago
@agreenberg I don’t need another hobby, I don’t need another hobby, I don’t need another hobby. He tells himself, over and over..
Show threadadingbatponder3d ago
@agreenberg The link is a teaser and provides no information and is horrible to boot.
Show thread90s Script Kiddie3d ago
@agreenberg Paywall-free link for those who need it:
https://archive.ph/OSx06
Show threadפְּרִי3d ago

@agreenberg
I saw someone post this earlier, and commented then about these two articles:
Turns out, a bunch of people hijack old non-encrpted US satilites for funzies:
https://www.rtl-sdr.com/hunting-for-space-radio-pirates-on-the-us-military-flt-satcom-satellites/

and of course, certain waring parties do it:

https://www.rtl-sdr.com/saveitforparts-listening-in-on-russian-soldiers-hijacking-us-military-satellites/

but remember, if you're using hijacked non-encrypted satellites to communicate with each other, assume your enemy is too. 'Cause I can assure you that Ukraine does.

Hunting for Space Radio Pirates on the US Military Fleet Satcom Satellites

In the 70's and 80's the US government launched a fleet of satellites called 'FLTSATCOM', which were simple radio repeaters up in geostationary orbit. This allowed the US military to easily communicate with each other all over the world. However, the technology of the time could not implement encryption. So security relied entirely on only the US militaries technological advantage at being the only ones to have radio equipment that could reach these satellites. Of course as time progressed equipment which could reach the 243 - 270 MHz range of the satellites became common place, and the satellites began picking

rtl-sdr.com