Unencrypted satellite signals allowed unauthorized collection of call and text data from some T-Mobile customers.

Researchers discovered unencrypted communications from U.S. and Mexican military and law enforcement by aiming a receiver at various satellites. The intercepted data contained sensitive details, including personnel locations, equipment, and facilities. The university team had anticipated encrypted data and were surprised by the lack of security.

UCSD professor and research team co-leader Aaron Schulman said that they were shocked to find critical infrastructure relying on satellite ecosystems without encryption. He added that companies assumed no one would check the satellites for vulnerabilities and that was their security method.

T-Mobile encrypted its communications data after the researchers reported their findings. However, other companies, including those owning vital U.S. infrastructure deemed "vulnerable" in the report, have not followed suit to enhance their satellite system security.

The team accessed signals only from satellites within range of their San Diego location, about 15% of all operating satellites. This suggests a significant amount of data is vulnerable to theft by malicious actors using affordable satellite receivers. A receiver can intercept signals sent to remote cell towers, even those far away.

These cell towers, often in remote areas, depend on satellites to transmit signals to a carrier's core network, which is known as "backhaul traffic." Researchers intercepted unencrypted backhaul signals from carriers, including T-Mobile, AT&T Mexico, and Telmex.

Cybersecurity expert Matt Green of Johns Hopkins University reviewed the report, stating that the amount of data transmitted over satellites that can be intercepted by anyone with an antenna is surprising. He believes the report will address a small part of the issue, but much will remain unchanged. Green also said that he would be surprised if intelligence agencies are not already exploiting this vulnerability.

Researchers collected 2,700 phone numbers and associated call and text data by recording T-Mobile's backhaul satellite communications for nine hours using one dish. The team could only access one side of the conversations, specifically calls and texts sent to the remote towers. Obtaining data sent from the towers would require another satellite dish.

T-Mobile addressed its unencrypted satellite issue in 2024. AT&T blamed a third-party vendor in Mexico, stating that a vendor misconfigured a small number of cell towers in a remote region. The researchers did not find unencrypted data from Verizon or AT&T in the U.S.

In 2022, the U.S. National Security Agency issued a security advisory regarding the lack of encryption in satellite communications. It is likely that intelligence agencies are already exploiting this vulnerability, so wireless firms using satellites for communication should assess their backhaul security.