Study: The World’s Satellite Data Is Massively Vulnerable To Snooping
from the whoops dept
For many many years, experts have warned about massive longstanding flaws in Signaling System 7 (SS7, or Common Channel Signaling System 7), a series of protocols used by cellular networks hackers can exploit to track user location, dodge encryption, and even record private conversations. Governments and various bad actors routinely exploit the flaw to covertly spy on wireless users around the planet without them ever knowing. We’ve done a piss poor job of fixing the problem.
Now Wired points to a new study that indicates that the planet’s satellite communications may not be any more secure. A team of researchers at UC San Diego and the University of Maryland found that nearly half of all geostationary satellite signals aren’t properly encrypted. That includes a lot of highly sensitive corporate, government, and military communications.
Worse, the traffic can be intercepted with roughly $800 worth of off the shelf equipment. In their case, the researchers used a $800 satellite receiver system on the roof of a university building in San Diego. They were able to snoop on a wide variety of data they assumed would have been encrypted, including the communications of many T-Mobile customers and important utility communications:
“It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” says Aaron Schulman, a UCSD professor who co-led the research. “And just time and time again, every time we found something new, it wasn’t.”
The researchers have spent the last year contacting companies to let them know they should encrypt their traffic, with mixed results. As we’ve seen with cellular networks and the SS7 flaw, knowing there’s a very serious problem doesn’t necessarily mean it’s fixed; that flaw is still being exploited by intelligence agencies despite more than a decade of warnings.
Not too surprisingly, the researchers assume this problem, like the SS7 issue, has long been exploited by intelligence agencies who are happy the problem hasn’t been addressed:
“It’s crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Green says. “This paper will fix a very small part of the problem, but I think a lot of it is not going to change. I would be shocked,” Green adds, “if this is something that intelligence agencies of any size are not already exploiting.”
The discovery comes as the Trump administration takes a hatchet to the U.S. government’s ability to adequately protect the country. The administration has gutted government cybersecurity programs, including a board investigating the biggest Chinese hack of U.S. telecom networks in history.
The Trump administration has also fumbled FCC efforts to shore up internet of things (IOT) security in Chinese smart home devices, clumsily dismantled the Cyber Safety Review Board (CSRB) (responsible for investigating significant cybersecurity incidents), and randomly fired oodles of folks doing essential work at the Cybersecurity and Infrastructure Security Agency (CISA).
What could possibly go wrong?
Filed Under: cellular, encryption, intelligence, privacy, satellite, security, snooping, telecom
Comments on “Study: The World’s Satellite Data Is Massively Vulnerable To Snooping”
Well, it’s not burglarizing if the front door is not locked, it’s more some kind of self-service. (any CIA, FBI and NSA officer)
Do you really want to know?
“Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in the 1970s ”
“Signaling System 7 (SS7) is a protocol suite used in the public switched telephone network (PSTN) for out-of-band signaling. It handles the setup and teardown of telephone calls, mobile roaming, and many other services for 2G and 3G networks.”
Its Just a Straight passthru of Any signals sent to it. Also known as, IF YOU DONT Encrypt it, ITS NOT Encrypted.
There is a long time understanding. NO encryption is faster then Encrypting. Its better to Encrypt Before ending, and decrypt at the end.
Using Encryption in the middle MEANS Time to do it. Then you cant handle More signals as the system is busy doing STUPID stuff.
And if you Encrypt UP there, insted of on the ground, HOW do you fix something Broken?
You can change Encryption On the ground, not so easy Up there. You cna use 1000 types of Encryption on the ground, but changing things UP THERE?? not so easy. You can break 1-5 encryptions and Have them all.
But on the ground you can keep Changing, Easily.