Satellites orbiting ~35,000 km+ above earth, aren’t something most would consider as a security vulnerability. However, a joint University of California and Maryland study “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEOSatellites” has shown that this assumption is wrong, and significant security risks surround ‘Geostationary Earth Orbit’ (GEO) satellites. The 3 year-long study found about half of the GEO satellite signals were left open for interception and completely unencrypted.
Most intriguingly, the team of 6 researchers, needed no more than just a ~US$800 off-the-shelf dish, motor and tuner kit, to comfortably listen to a slice of the world’s private traffic.
The researchers completed their study by accessing cell networks’ backhaul traffic around the US. Backhaul traffic is essentially a stream of data connecting remote or external outposts (towers in deserts, offshore platforms, remote ATMs) to the central networks, where all the magic happens, and within which we, Canberrans, live. Notably, given Australia’s vast land area and a population density >90% lower than the population density in the US, it is expectant that a great amount of our networks utilise satellite traffic.
By tapping into this traffic across 25 longitudes and 39 GEO satellites, the scientists were able to hear snippets of phone calls, text messages and other communications from thousands of users, as well as even some traffic from international networks.
But the list doesn’t stop there: this $800 rooftop dish also saw in-flight Wi-Fi browsing, internal corporate emails and logins, ATM networking data, and even US and Mexican military and law-enforcement traffic (not good), and more – and this list is already over a paragraph long.
The highlight and key takeaway here, is that this traffic was passively broadcasted down to anyone pointing a dish at the right bit of sky.
“We, the public, and decision makers in government that tend to own satellites, have an expectation that there is greater security of our data.” – Anntonette Dailey - a chartered engineer, with over 20 years of experience at a senior executive level, and public policy expert.
After coordinated disclosure, most organisations moved to encrypt affected links with verified fixes available, several vendors say they are mid-transition, but some critical infrastructure and government systems have not yet disclosed any fixes.
High-cost solutions have been able to collect and affect satellite operations and data for quite a while now – for instance, as Anntonette illustrated, “Viasat was hacked by the Russians to disable comms” (and subsequently, internet connections for thousands of European citizens). However, previous low-cost studies weren’t as successful, constraining themselves to smaller subsets of protocols, using different methodologies, and hence, often being unable to capture high-quality information. This study resolves these limitations with ease, and given the publicised list of hardware and methodology, it is highly unlikely that these previous limitations will still be limiting capabilities of adversaries.
A wider issue, as Anntonette Dailey told us, is that “Encrypting data has challenges, particularly in GEO where the distances are so big, this impacts reliability.”
GEO links already fight latency, narrow bandwidth and tight budgets; encryption hardware adds complexity and tightens budgets further.
“The technology currently available requires reliability and usability which is limited by encryption.” – Anntonette Dailey
All this lands uncomfortably in Australia.
Dailey reminds us, “The public has this expectation that all countries have access to satellites, this is not the case. Mexico has more sovereign capabilities than Australia.”
Mexico operates its government-owned MEXSAT system for national communications, while Australia leans on less sovereign network solutions - though new projects for Defence and NBN are beginning to close that gap. Currently, Australia relies heavily on US collaboration and international companies for the development of the space industry, and challenges such as the US Wolf Amendment (which restricts NASA and related US agencies from bilateral cooperation with China’s Space industry), mean that there is still quite a journey ahead.
With great challenges come great opportunities.
Now is a time when “The space industry [in Australia] is on a level playing field” (Igor Dimitrijevic, CEo of Infinity Avionics at the Space Industry after IAC Event), and these issues showcased in the US, opens up a market of opportunities and incentive for innovation. Notably, Canberra – Australia’s leader in space technologies and innovation - full of support networks, established space players and investment, is the perfect place to start developing sovereign solutions. Securing “above the cloud” links is now a wider concern, with great opportunities right at the intersection of space sovereignty, national security and economic resilience in Australia.
