Cyberbeveiliging
Geo-satellietbeveiligingsstudie onthult opvallende zwaktes
Een team van onderzoekers van de University of Maryland en de University of California werkte samen om een belangrijk beveiligingsprobleem binnen de communicatiesector onder de aandacht te brengen. Hun studie is het meest uitgebreide openbare onderzoek naar de beveiliging van geostationaire satellietcommunicatie. Dit is wat ze hebben ontdekt.
Statistieken over datalekken
Data breaches are on the rise, and it’s costing companies billions. A recent Statista report predicts that cybercriminals will cost businesses +$10.5T this year alone. What’s even scarier is that these losses are predicted to exceed $15.63 trillion by 2029.
Daarnaast zijn cybercriminelen vaardiger en brutaler geworden in hun pogingen. Deze stijging in hun vaardigheden blijkt uit het type doelwitten dat ze aanvallen. Interessant is dat er een verschuiving heeft plaatsgevonden van voornamelijk het richten op betaalinformatie naar het nu zoeken naar persoonlijke gegevens die kunnen worden gebruikt om krediet te verkrijgen en andere frauduleuze activiteiten.
The cost of these attacks will only go up. A Sophos report revealed that ransomware payment requests are up 500% in value over the last year alone. Now, the average ransomware payment sits at approximately $2M. The same data shows that cybercriminals have found a niche targeting medium and large organizations.
Hoe bedrijven datalekken voorkomen
There are many ways in which your data can remain protected from hackers. The top options for companies are to utilize encryption methods, cold storage, and advanced security protocols. When used in conjunction with verification strategies like 2FA authorization, it drastically improves your protection against hackers. However, there’s more to your data transmission than the companies holding your info.
Hoe telecommunicatiebedrijven uw gegevens verwerken
Telecommunications firms hold much of the responsibility for keeping your data safe once it’s sent. These systems can utilize internet connections, cell phone towers, and satellites to transmit your data globally. For areas that may be off the beaten path, the only method of communication is via satellite.
Hoe satellietcommunicatie werkt
Satellites operate as large antennas in the sky that can receive and broadcast data globally. They are ideal for the task since their location enables them to provide vast areas of coverage without requiring much infrastructure on Earth. Satellites broadcast their data to receiving dishes on Earth that can then pass the info to other communication systems.
One of the most popular forms of satellite used for this task is called a geosynchronous equatorial orbit (GEO) satellite. These systems differ from traditional satellites in that they don’t rotate around the Earth. Instead, they remain locked to a singular coordinate, rotating at the speed of the Earth to remain in perfect alignment. Notably, this approach can provide transmission capabilities to as much as 40% of the Earth at any given time.
Inherente zwaktes van satellietcommunicatie
There are several weaknesses that these satellites possess on account of their design and function. For one, they are expensive to create and deploy compared to traditional communication methods like fiber optics. Also, their limited orbital location means that they are more likely to encounter space debris, which could damage the equipment and render it inoperable.
In terms of the broadcast signal, there are also some issues to be discussed. For one, GEO satellites have limited bandwidth compared to ground-based communications systems. Additionally, weather conditions can cause delays or latency as the majority of these devices are 22,236 miles away.
Geo-satellietbeveiligingsstudie
The recently published “Don’t Look Up: There are sensitive internal links in the clear on GEO satellites”¹ study reveals another easily avoidable security weakness found in several high-traffic GEO satellite systems in use today. The researchers discovered that vast amounts of sensitive data were transmitted unencrypted, meaning anyone could see the details simply by tuning into the broadcast.
According to researchers, the revelation was “shocking” in how many satellite systems were vulnerable to simple passive eavesdropping. Unlike hacking, which requires the attacker to overcome security protocols to gain access to restricted data, the researchers noted that this information was freely broadcast in plaintext to the world.
Gevoelige verkeersstromen
The team stated that they intercepted a wide range of satellite communications, spanning from personal data to military operations. Here’s what systems they managed to successfully intercept and gather sensitive information from without any hacking necessary.
Overheid
The researchers were able to capture crucial data across several government agencies passively. These groups included vital infrastructure like power and oil companies. This data contained plaintext that described repair ticket requests, locations, and enabled remote operation of certain tasks.
Military communications were also compromised using nothing more than a simple commercial satellite dish. The engineers were able to easily receive precise coastal surveillance data alongside other current operations. The team also captured police communications.
Bedrijven
Enterprise communications were another area that was found to be insufficiently protected. The team accessed several telecommunications systems, documenting companies that sent personal data, login credentials, emails, and even banking information unencrypted.
The team documented how cell phone companies utilized encryption for their land-based communication but left satellite communications unprotected, meaning that calls, texts, internet activities, and even hardware IDs could be gathered with minimal effort.
Persoonlijke communicatie
Your personal information isn’t any safer when you send it directly, according to this study. The team managed to capture unencrypted Wi-Fi data from in-flight passengers, including DNS lookups. They could even see exact data like the flight’s entertainment and flight systems information.
Geo-satellietbeveiligingsstudie test
The engineers set out to prove their theory by first purchasing a commercial-off-the-shelf satellite dish like the ones you would use to get TV service. They then mounted this dish on the roof of a tall university building in San Diego with an unobstructed view of the sky.
Aangepaste protocol‑parsingcode
As part of their approach, the engineers developed a custom protocol parsing code. This code enabled the researcher to reconstruct network packets, which could later be deciphered into their full data using each network’s custom protocols.
The next step was to connect the satellite to their systems and set up passive signal capturing. This strategy allows signals to be captured without revealing that they were captured or the locations where the captured data was obtained. Notably, a commercial TV tuner card was also used to scan the signals for raw bytes.
Resultaten van de Geo-satellietbeveiligingsstudie test
The results of the study were eye-opening. For one, the team successfully observed 411 transponders across 39 GEO satellites using only $600 in commercially available equipment. They noted that the data was passively obtained, showing no signs of interception or passive collection. Impressively, the team was able to make a clear sense of everything from text messages to sensitive emails and military objectives.
Veeg om te scrollen →
| Categorie | Type gegevens onderschept | Voorbeeldbevindingen |
|---|---|---|
| Overheid | Infrastructuur & Militaire | Reparatietickets, stroomnetgegevens, kustbewaking |
| Bedrijf | Enterprise & Telecom | E‑mails, inloggegevens, onversleutelde bankoverschrijvingen |
| Persoonlijk | Passagier‑ & Wi‑Fi‑gegevens | DNS‑lookups, vlucht‑entertainment‑ en systeeminformatie |
Aanbevelingen voor satellietsysteem‑operators
The paper states that “there’s no way to know if your providers are encrypting data traffic”. As such, it is important that you do everything in your power to prevent data breaches. The scientists go on to make several recommendations for these systems to prevent future attacks by malicious parties. Their first critique was to insist on using encryption. They stated that encryption needs to be mandatory and not an optional add‑on feature.
The researchers also recommend utilizing encrypted platforms like Signal for personal communications. The paper states that businesses need to utilize multiple layers of encryption to gain the most protection. This step involves integrating VPNs to obfuscate your location and other identifying packets, which could otherwise enable hackers to gather more information about you.
Waarom gebruikt niet elke satelliet encryptie?
Interestingly, encryption is an industry standard for nearly all other digital transmission systems. However, unlike the internet or cell networks, satellites have managed to remain outside this scrutiny. Here are a few reasons why you don’t see universal encryption on GEO satellites yet.
Bandbreedte
One of the main reasons you don’t see satellite communications encrypted is that it can take up more bandwidth. Satellites are relied on heavily to get data across the globe, and for many telecommunications providers, it wasn’t in their financial interests to limit their bandwidth to introduce encryption, as few people were aware of these attack vectors before this study.
Kosten van encryptie
There are also additional costs associated with integrating an effective encryption system. For example, many satellite-level encryption options require licensing fees and purpose-built hardware to function properly. Consequently, they can increase overhead costs and limit revenue.
Probleemoplossing
There are also technical issues that have limited the use of encryption in satellite communications. It can be much more costly and time‑consuming to determine any hardware or software technical issues when a layer of encryption is applied across a system. Given the importance of these networks, delays and downtimes weren’t an option.
Satellietoperators op de hoogte stellen van hun zwaktes
Throughout the process, the researchers carefully consulted legal teams to ensure compliance with all applicable laws. Additionally, they contacted all the networks they found weaknesses in and explained to the operators what they discovered. So far, several companies, including T-Mobile, Walmart, and KPU, have upgraded their security to eliminate these issues.
Investeren in satellietcommunicatie
There are several companies seeking to become the leading satellite data provider. These firms have spent millions of dollars and years figuring out how to lower the cost of doing business in space. Their services are now a vital part of global communications, providing real‑time access to valuable data when needed. Here’s one company that remains a pioneer in the satellite communications market.
EchoStar Corp
EchoStar is a leading provider of satellite communications hardware and services. The Colorado-based firm entered the market in 1980 and was founded by Charlie Ergen, Candy Ergen, and Jim DeFranco to provide enterprises access to C-band satellite services.
Notably, EchoStar Corp secured a broadcast license in 1987, which would eventually lead to one of the most popular satellite-based TV providers nearly 20 years later, the DISH Network. The company officially launched its first satellite in 1995, dubbed the EchoStar 1.
(SATS )
After several years operating as separate entities, the DISH Network was reabsorbed into EchoStar Corp. Today, the company has expanded its operations into a broad range of communication technologies. Those seeking to gain access to a thriving satellite communication provider should do more research into EchoStar and its offerings.
Laatste EchoStar (SATS) aandelen‑nieuws en prestaties
Geo-satellietbeveiligingsstudie | Conclusie
Every couple of years, a study comes out that reveals glaring security risks to your personal data. From Edward Snowden revealing that the NSA tracks every move you make, to the revelation that client-side AI systems are tracking your every decision, it seems like there is a constant battle between your data and people who want to obtain it without your permission. Thankfully, this study reveals a previously unknown attack vector and demonstrates how it can be eliminated, furthering the public’s protection against potential data breaches moving forward.
Lees meer over andere interessante cybersecurity‑nieuwtjes hier.
Referenties:
1. Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger, and Aaron Schulman. 2025. Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS ’25), Taipei, Taiwan. ACM. https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf
