

Title: October 14, 2025

GRAY ZONE MORNING BRIEF 14 OCTOBER 2025

 

SATELLITES BEAM UNENCRYPTED DATA

 

Satellites beam data down to the Earth all around us, all the time. So you might expect that those space-based radio communications would be encrypted to prevent any snoop with a satellite dish from accessing the torrent of secret information constantly raining from the sky. You would, to a surprising and troubling degree, be wrong.

Roughly half of geostationary satellite signals, many carrying sensitive consumer, corporate, and government communications, have been left entirely vulnerable to eavesdropping, a team of researchers at UC San Diego and the University of Maryland revealed today in a study that will likely resonate across the cybersecurity industry, telecom firms, and inside military and intelligence agencies worldwide.

 

For three years, the UCSD and UMD researchers developed and used an off-the-shelf, $800 satellite receiver system on the roof of a university building in the La Jolla seaside neighborhood of San Diego to pick up the communications of geosynchronous satellites in the small band of space visible from their Southern California vantage point. By simply pointing their dish at different satellites and spending months interpreting the obscure—but unprotected—signals they received from them, the researchers assembled an alarming collection of private data.

 

They obtained samples of the contents of Americans’ calls and text messages on T-Mobile’s cellular network, data from airline passengers’ in-flight Wi-Fi browsing, communications to and from critical infrastructure such as electric utilities and offshore oil and gas platforms, and even US and Mexican military and law enforcement communications that revealed the locations of personnel, equipment, and facilities.

 

“It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” says Aaron Schulman, a UCSD professor who co-led the research. “And just time and time again, every time we found something new, it wasn't.”

 

The group’s paper, which they’re presenting this week at an Association for Computing Machinery conference in Taiwan, is titled “Don’t Look Up”—a reference to the 2021 film of that title but also a phrase the researchers say describes the apparent cybersecurity strategy of the global satellite communications system. “They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Schulman says. “They just really didn't think anyone would look up.”

 

The researchers say that they’ve spent nearly the past year warning companies and agencies whose sensitive data they found exposed in satellite communications. Most of them, including T-Mobile, moved quickly to encrypt those communications and protect the data. Others, including some owners of vulnerable US critical infrastructure whom the researchers alerted more recently—and declined to be named—have yet to add encryption to their satellite-based systems. Researchers have pointed to the surveillance dangers of unencrypted satellite connections before, but the scale and scope of the new disclosures appear unrivaled.

 

The researchers’ work looked at only a small fraction of geostationary satellites whose signals they could pick up from San Diego—roughly 15 percent of those in operation, by the researchers’ estimate. This suggests vast amounts of data are likely still being exposed over satellite communications, says Matt Green, a computer science professor at Johns Hopkins University who focuses on cybersecurity and reviewed the study.

 

Large swaths of satellite data will likely be vulnerable for years to come, too, as companies and governments grapple with whether and how to secure outdated systems, Green says. “It's crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Green says. “This paper will fix a very small part of the problem, but I think a lot of it is not going to change.”

“I would be shocked,” Green adds, “if this is something that intelligence agencies of any size are not already exploiting.”

 

Half Conversations, Broadcast From Space

 

The phone calls and text messages the researchers obtained, in particular, were exposed due to telecoms’ often overlooked use of satellite communications for offering cellular coverage to normal phone users who connect to cell towers in remote locations. Some towers in desert or mountainous regions of the US, for instance, connect to a satellite that relays their signals to and from the rest of a telecom’s core cellular network, the internal communications of the network known as “backhaul” traffic.

 

T-MOBILE, AT&T & TELMEX

 

Anyone who sets up their own satellite receiver in the same broad region as one of those remote cell towers—often as far as thousands of miles away—can pick up the same signals meant for that tower. Doing so allowed the research team to obtain at least some amount of unencrypted backhaul data from the carriers T-Mobile, AT&T Mexico, and Telmex.

 

The T-Mobile data was particularly significant: In just nine hours of recording T-Mobile backhaul satellite communications from their single dish, the researchers collected the phone numbers of more than 2,700 users as well as all the phone calls and text messages the researchers received during that time. They could, however, only read or hear one side of those conversations: the content of the messages and calls sent to T-Mobile’s remote towers, not sent from them to the core cell network, which would have required another satellite dish near the one T-Mobile intended to receive the signal on the other end.

 

“When we saw all this, my first question was, did we just commit a felony? Did we just wiretap?” says Dave Levin, a University of Maryland computer science professor who co-led the study. In fact, he says, the team didn’t actively intercept any communications, only passively listened to what was being sent to their receiver dish. “These signals are just being broadcast to over 40 percent of the Earth at any point in time,” Levin says.

Mexican telecom Telmex also transmitted unencrypted voice calls, the researchers found. The researchers further discovered that AT&T Mexico transmitted raw data over satellites that included users’ internet traffic—most of which was encrypted with HTTPS by the apps or browsers they used—but also some calling and texting metadata. They also found decryption keys that the researchers believe could likely have been used to decipher other sensitive information the AT&T Mexico network transmitted—though they didn’t attempt this.

 

Starting in December 2024, the researchers began contacting the affected telecoms. T-Mobile responded by encrypting its satellite transmissions within weeks, but responses from other cell carriers were mixed.

 

Beyond just cell towers in remote locations, it’s possible that a lack of encryption for cellular backhaul data could make anyone on the same network vulnerable, points out Johns Hopkins’ Green. Hackers might be able to perform a so-called relay attack with a spoofed cell tower—using the surveillance hardware sometimes called a stingray or IMSI catcher—and route any victim’s data to a cell tower that connects to a satellite uplink. “The implications of this aren't just that some poor guy in the desert is using his cell phone tower with an unencrypted backhaul,” says Green. “You could potentially turn this into an attack on anybody, anywhere in the country.”

 

Military Helicopters and Power Grids, Exposed

 

The researchers’ satellite dish also pulled down a significant collection of unprotected military and law enforcement communications. They obtained, for instance, unencrypted internet communications from US military sea vessels, as well as the vessels’ names.

 

For Mexican military and law enforcement, the exposures were far worse: The researchers say they found what appeared to be unencrypted communications with remote command centers, surveillance facilities, and units of the Mexican military and law enforcement. In some cases, they saw the unprotected transmission of sensitive intelligence information on activities like narcotics trafficking.

 

In others, they found military asset tracking and maintenance records for aircraft like Mil Mi-17 and UH-60 Black Hawk helicopters, sea vessels, and armored vehicles, as well as their locations and mission details. “When we started seeing military helicopters, it wasn’t necessarily the sheer volume of data, but the extreme sensitivity of that data that concerned us,” says Schulman.

 

Just as sensitive, perhaps, were industrial systems communications from critical infrastructure like power grids and offshore oil and gas platforms. In one case, they found that the Comisión Federal de Electricidad (CFE), Mexico’s state-owned electric utility with nearly 50 million customers, was transmitting its internal communications in the clear—everything from work orders that included customers’ names and addresses to communications about equipment failures and safety hazards.

 

In other cases they have yet to publicly detail, the researchers say they also warned US infrastructure owners about unencrypted satellite communications for industrial control system software. In their phone calls with those infrastructure owners, some owners even expressed concerns that a malicious actor might have the ability to not only surveil the control systems of their facilities, but also, with enough sophistication, potentially disable or spoof them to tamper with the facility’s operation.

 

The researchers obtained a vast grab bag of other miscellaneous corporate and consumer data: They pulled down in-flight Wi-Fi data for Intelsat and Panasonic systems used by 10 different airlines. Within that data, they found unencrypted metadata about users’ browsing activities and even the unencrypted audio of the news programs and sports games being broadcast to them. They also obtained corporate emails and inventory records of Walmart’s Mexican subsidiary, satellite communications to ATMs managed by Santander Mexico, as well as the Mexican banks Banjercito and Banorte.

 

A spokesperson for Santander Mexico says that no customer information or transactions were compromised, but confirmed that the exposed traffic was linked to a “small group” of ATMs used in remote areas of Mexico where using satellite connections is the only option available. “Although this traffic does not pose a risk to our customers, we took the report as an opportunity for improvement, implementing measures that reinforce the confidentiality of technical traffic circulating through these links,” the spokesperson says.

 

“While we cannot share specifics, we can confirm that our communications lines have been evaluated and confirmed secure,” a spokesperson for Walmart says. (The researchers confirm that they observed Walmart had encrypted its satellite communications in response to their warning.)

 

“The information of our customers and infrastructure is not exposed to any vulnerability,” a spokesperson for Grupo Financiero Banorte says.

Time to Look Up

The amount of Mexico-related data in the researchers’ findings is, of course, no coincidence. Although their satellite dish was technically able to pick up transmissions from around a quarter of the sky, much of that swath included the Pacific Ocean, which has relatively few satellites above it, and only a small fraction of the transponders on the satellites it did see were transmitting data in the direction of its dish. The result, the researchers estimate, was that they examined only 15 percent of global satellite transponder communications, mostly in the western US and Mexico.

 

That suggests anyone could set up similar hardware somewhere else in the world and likely obtain their own collection of sensitive information. After all, the researchers restricted their experiment to only off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, totaling less than $800.

“This was not NSA-level resources. This was DirecTV-user-level resources. The barrier to entry for this sort of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and law professor at Georgetown Law. “By the week after next, we will have hundreds or perhaps thousands of people, many of whom won’t tell us what they’re doing, replicating this work and seeing what they can find up there in the sky.”

 

One of the only barriers to replicating their work, the researchers say, would likely be the hundreds of hours they spent on the roof adjusting their satellite. As for the in-depth, highly technical analysis of obscure data protocols they obtained, that may now be easier to replicate, too: The researchers are releasing their own open-source software tool for interpreting satellite data, also titled “Don’t Look Up,” on Github.

 

The researchers’ work may, they acknowledge, enable others with less benevolent intentions to pull the same highly sensitive data from space. But they argue it will also push more of the owners of that satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it,” says Schulman.

 

There’s little doubt, they say, that intelligence agencies with vastly superior satellite receiver hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in a 2022 security advisory about the lack of encryption for satellite communications. At the same time, they assume that the NSA—and every other intelligence agency from Russia to China—has set up satellite dishes around the world to exploit that same lack of protection.

 

MI5 SPY WARNING RE: CHINA & RUSSIA

 

**UK’s MI5 Warns Politicians of Spying Threats from Russia and China** - MI5 issued a rare public alert to Members of Parliament and political staff warning that Russia, China, and Iran are actively seeking to exploit relationships, donations, phishing, blackmail and flattery to influence UK democracy. Director General Ken McCallum emphasized that such foreign interference erodes national sovereignty. The guidance follows the collapse of a high-profile espionage trial after prosecutors said the government failed to provide evidence classifying China as a national security threat.

 

TRUMP & XI TO MEET

 

**Trump-Xi meeting still on despite trade tensions, says US’s Bessent** - U.S. Treasury Secretary Scott Bessent confirmed that President Donald Trump and Chinese President Xi Jinping still plan to meet in South Korea later this month, despite escalating trade tensions. Bessent said “substantial communication” resumed after China imposed sweeping export controls on rare earths, prompting Trump to threaten 100% tariffs on Chinese goods effective November 1. He noted the tariffs “do not have to happen” if negotiations progress and said lower-level officials may have initiated the Chinese restrictions. Bessent warned Washington is ready with “brute force countermeasures” but remains optimistic the sides can de-escalate ahead of the APEC summit.

 

30,000 FT VIEW

 

TRADE WAR SPOTLIGHT

 

The intensifying US-China trade war took some shine off President Donald Trump’s Middle East triumph. Coming weeks will tell how much is bluster.

 

THE NEXPERIA INCIDENT

 

The Netherlands’ seizure of Chinese-owned chipmaker Nexperia showed one NATO ally standing by the US. Chinese trade data suggested decreasing dependency on the US, but may be less than it seems as trade passes via third countries.

 

MIDDLE EAST

 

As Israeli forces pulled back in Gaza, Hamas is asserting its authority - and executing rivals. Key question is whether it will accept disarmament under Trump’s plan. If not, another Gaza war is a matter of time. Meanwhile, Hamas backer Iran is looking more isolated as Trump and Sunni friends reshape the region — this is intentional, well planned out and an ongoing mission in the Middle East. “Operation Isolate Iran” (not a real op name but befitting) is the result of a huge shift in the geopolitical landscape of the Middle East in which the U.S. & Israel, along with Arab nation partners, are reshuffling the deck and redefining power.

 

TOMAHAWKS TO UKRAINE

 

After Gaza, Ukraine. But while Trump’s threat to send long-range Tomahawk missiles could shift the military balance a bit, it would be unlikely to be enough to get Russia to make peace before it achieves military goals.

 

AFGHANISTAN & PAKISTAN

 

Another conflict to watch: Pakistan and Afghanistan’s Taliban – which has underlined its growing closeness with India. The rhetoric is rising as well as the body count.

 

MADAGASCAR

 

Gen-Z strikes again: This time it’s Madagascar's President Andry Rajoelina who has fled the country — in fear of a military rebellion after weeks of protests, as GZB reported yesterday. GZB will update as the situation warrants.

 

Pray.

 

Train.

 

Stay informed.

 

Build resilient communities.

 

—END REPORT

 
