Satellites reveal the world’s secrets: calls, text messages, military and corporate data
This suggests that anyone could install similar hardware elsewhere in the world and likely obtain their own collection of sensitive information. After all, the researchers limited their experiment to commercially available satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, for a total of less than $800.
“These weren’t NSA-level resources. These were DirecTV user-level resources. The barrier to entry for this type of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and law professor at Georgetown Law. “Within a week we’ll have hundreds, if not thousands, of people, many of whom won’t tell us what they’re doing, replicating this work and seeing what they can find up there in the sky.”
According to the researchers, one of the only obstacles to replicating their work would likely be the hundreds of hours they spent on the roof tuning their satellite. As for the in-depth, highly technical analysis of obscure data protocols they obtained, that might now also be easier to replicate: The researchers are publishing their own open-source software tool for interpreting satellite data, also titled “Don’t Look Up,” on Github.
The researchers’ work could, they acknowledge, allow other people with less benevolent intentions to extract the same highly sensitive data from space. But they say it will also push more owners of that satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we’re looking to find insecure things and make them secure, we feel great,” Schulman says.
There is no doubt, they say, that intelligence agencies with far superior satellite reception hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in a 2022 security advisory about the lack of encryption in satellite communications. At the same time, they assume that the NSA – and every other intelligence agency from Russia to China – has installed satellite dishes all over the world to exploit this same lack of protection. (The NSA did not respond to WIRED’s request for comment).
“If they’re not doing it already,” jokes Nadia Heninger, a cryptography professor at UCSD who co-led the study, “then where are my tax dollars going?”
Heninger compares the revelation of their study – the scale of unprotected satellite data available – to some of Edward Snowden’s revelations which showed how the NSA and Britain’s GCHQ obtained telecommunications and internet data on an enormous scale, often by secretly directly exploiting communications infrastructure.
“The threat model that everyone had in mind was that we need to encrypt everything because some governments are exploiting undersea fiber optic cables or coercing telecom companies to allow them access to data,” Heninger says. “And now what we’re seeing is that same type of data is just being broadcast across a large part of the planet.”
