Just days ago, on October 14, 2025, an eye-opening study from researchers at the University of California San Diego (UCSD) and the University of Maryland (UMD) exposed a glaring security flaw in our skies: Geostationary (GEO) satellites are broadcasting sensitive data, unencrypted and wide open for anyone with a clear view of the heavens and about $600-800 in off-the-shelf equipment. From T-Mobile users' texts and calls to U.S. military vessel details and Mexican government surveillance feeds, the leaks are staggering. If you've ever assumed satellite comms are secure by default, think again, this is a wake-up call to how "security through obscurity" is failing spectacularly in the space age. Drawing on the study and widespread coverage, let's break down how it's done, what's at risk, and why this vulnerability persists in 2025.
The Hack: A Backyard Setup Turns You into a Space Spy
The researchers didn't need spy-agency budgets or classified tech. Their rig? A $185 satellite dish, $140 roof mount, $195 motor, and $230 tuner card, totalling under $800. From a single rooftop in La Jolla, they scanned 39 GEO satellites over seven months, tapping into 411 Ku-band transponders used for internet, TV, and backhaul services. GEO sats hover fixed at 22,000 miles up, blanketing huge swaths of Earth with signals anyone can passively receive, no active hacking required.
Custom software parsed the signals, reconstructing IP packets from raw data despite signal noise. As UCSD's Aaron Schulman told Wired, organizations "just really didn't think anyone would look up." Nearly half the transmissions were unencrypted, treating sat links like private intranets. This "don't look up" approach? A recipe for disaster.
On X, users are buzzing: One post highlights how the team intercepted unencrypted data accessible to anyone with an antenna, calling it a "vast portion of global satellite communications." Another notes the three-year study finding half of GEO comms unencrypted. Even older posts echo similar vulnerabilities, like turning RAM into Wi-Fi for air-gapped systems or cheap ground stations spotting spy sats.
The Loot: From Texts to Tanks, Nothing's Safe
The intercepts were chilling. In one nine-hour session on T-Mobile backhaul, they grabbed metadata and phone numbers for 2,711 users, plus unencrypted call audio, SMS, and browsing history. Similar leaks hit AT&T Mexico, TelMex, WiBo, and Alaskan KPU.
Military data flowed freely: U.S. Navy ship names, logistics apps, and admin systems, revealing government-owned vessels. In Mexico, they snagged narcotics intel, helicopter (Mi-17, Black Hawks) and vessel tracking, armored vehicle locations, and surveillance cams. Corporate gems included Walmart Mexico emails/inventory, bank ATM networks (Santander, Banjercito, Banorte), power utility CFE work orders with customer data, and SCADA systems for oil/gas pipelines.
In-flight Wi-Fi from Intelsat and Panasonic leaked passenger metadata and unencrypted audio. As one X post put it, "Researchers intercepted thousands of calls, texts, and military data from satellites using just $800 in equipment, all transmitted unencrypted." Another called it "this kind of negligence staggering."
Why no encryption? Cost, it hikes bandwidth use, power draw, and fees, plus troubleshooting headaches. Many assume signals are obscure, but as the study shows, that's false.
The Risks and Fixes: A Critical Infrastructure Blind Spot
This lowers the bar for threats: Hobbyists, criminals, or adversaries could surveil continents, spoof cells, or disrupt infrastructure. Prior research pegged this as state-level capability, but now it's DIY. Space isn't U.S. critical infrastructure, despite pushes to classify it.
The team disclosed to T-Mobile, AT&T, Intelsat, Panasonic, WiBo, KPU, U.S. military, and Mexican gov from Dec 2024 to July 2025. T-Mobile encrypted; others fixed, but systemic change lags.
Solutions: Mandate IPsec/VPNs, TLS, and end-to-end encryption like Signal. Monitor links; treat sats like public nets. As one X user noted, modern tech packs offensive intel in portable kits, cyber's boots-on-ground now.
This story, fresh as of October 14, hasn't been "forgotten" — it's exploding across Wired, CyberScoop, and X. But if we ignore it, our secrets stay up for grabs. Time to encrypt the skies before the next leak hits.
https://cyberscoop.com/researchers-scan-satellites-find-massive-corporate-military-data-leaks/