Out Of This World Security Flaws
You might assume that the traffic flowing through satellites is encrypted; you would be wrong but it is a reasonable assumption to make. Unfortunately, as we have seen several times, the security of most satellites seems to be based on the hope that it is rather challenging to physically access hardware in orbit. There doesn’t seem to be much in the way protecting the software from being hacked, nor much in the way of encryption protecting the traffic flowing to and from satellites.
The most recent example of this is research from the University of California, San Diego, and the University of Maryland, College Park, which demonstrates how trivial a task it is to intercept this data with an off-the-shelf satellite dish. They scanned IP traffic transiting through 39 GEO satellites across 25 distinct longitudes and found that half of the signals they picked up contained cleartext IP traffic. The intercepted data included Wi-Fi traffic from users on flights, and unencrypted call audio from multiple VoIP providers which was sent in the clear.
To make things worse they also intercepted unencrypted military traffic like detailed tracking data for coastal vessel surveillance and the operational data of a police force. After this story was published, a single provider made a change to their security. T-Mobile has decided to implement SIP encryption on the user traffic they bounce off of satellites. There was no word from anyone else at the time of publishing, but one hopes someone wises up and applies at least basic security to their user’s data as well.