Andy GreenbergOct 14
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: 🧵👇https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

WIRED
Show threadAndy GreenbergOct 14
Their study, out today, reveals that roughly half of geostationary satellite communications they monitored were unencrypted. A flood of secrets pouring down from space, available to anyone with an $800 receiver setup. (And there's no doubt spy agencies have been listening, too.)
Show threadAndy GreenbergOct 14
Most striking to me was that the data included phone calls and text messages from several US and Mexican phone carriers. Remote cell towers connect to core carrier networks via satellite, relaying conversations via space—sometimes with no encryption.
Show threadAndy GreenbergOct 14
But some of the data the researchers found was even more sensitive: US and Mexican military and law enforcement communications that revealed the locations of personnel, equipment, and facilities. Industrial control system communications to power grids and offshore oil and gas.
Show threadAndy GreenbergOct 14
A lot of this data, such as the T-Mobile leak, is now encrypted thanks to the researchers' work. But all of it was obtained from a single dish on the roof of a building in San Diego. These findings are based on just 15% of geostationary satellite signals over the US and Mexico.
Show threadAndy GreenbergOct 14

That means a dish in a different place would pick up entirely different data. Probably an entirely different stream of unencrypted secrets.

As @mattblaze told me:

Show threadAndy GreenbergOct 14
Read our full story here: https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

WIRED
Show threadFaraiweOct 14
@agreenberg unless it's TACLAN over NIPR sat, or SIPR, everything NIPR by sat is unencrypted by default. They can add encryption to messages/email, but the regular traffic is just the same as any large corporation.
Show threadMugita SokioOct 14

@faraiwe

I personally think that, from this summary, since this is Starlink partnering with a German telecom giant (T-Mobile the American arm of Deutcshe Telecom in my eyes), that nonsense in unencrypted intentionally, and they may not want it turned on for "security reasons" or some nonsense like that.

This means that you have to encrypt that stuff yourself using software already available. Better yet, encrypt your sensitive stuff before it gets sent.

Show threadCharlie

@msokiovt @faraiwe

That's a cool article! Kudos to T-Mobile for patching their shit when they were informed of the issue.

Also yes Mugita; T-Mobile is owned by Deutsche Telekom. That's no secret.

Additionally, they talk heavily of public-access phone calls and text messages; both of which are transmitted on the public teleco network. Again it's no secret that phone calls and SMS messages lack proper security; they have lacked proper security since the 1980's and I don't foresee them changing their policies anytime in the future.

Take cell phones for example; they usually use encryption to connect to the tower, but will gladly connect to an unencrypted node with not even a notification to the user.

Intentional or not; malicious or not; just never trust third party vendors to keep your data safe. Only rely on public/private keys that you personally control. This is why I publish my public GPG keys just in the off chance someone opts to message me actually securely.

Oh yeah, and my phone does not contain my private GPG keys, because mobile phones are inherently insecure.

Oct 14 at 1:55pmWeb