You can’t see them. But up in the sky, about 30,000 miles from San Diego, there are dozens of geostationary satellites beaming signals to our city and region. They are needed to transfer important data that include cell phone calls and codes that allow remote control of important infrastructure.
“But, the signal’s also able to be picked up anywhere. In particular we were able to pick it up just by pointing our dish up here in San Diego.” said Aaron Schulman, a professor of computer science and engineering at UC San Diego.
The “dish” Schulman speaks of sits on the roof of the computer science building at UCSD. It’s nothing fancy, a consumer grade satellite dish that anyone could buy for less than a thousand bucks.
Schulman was one of a handful of UC San Diego scholars, with partners at the University of Maryland, who analyzed the messages they intercepted. They set out to study how satellite messages were encrypted — turned into code so they’re unintelligible to unintended users. Schulman said he was kinda shocked by what they found and their research was forced to take a turn.
“We realized very quickly we had to change the course of our project. Our scientific goal was to see if encryption was used well and now we’re like, wait, there was no encryption! So we’re going to have to go in and analyze that traffic we saw unencrypted and just figure out who this is, and report to them so they could get it turned off,” Schulman said.
The unencrypted messages included sensitive corporate information. People calling to speak with their doctors and lawyers. Schulman said they got messages from a Mexican military surveillance system that kept track of ships on the water.
He said a lot of U.S. Navy communications they got were encrypted, but some were not. Enough to reveal that messages were coming from Navy ships.
“You know, deploying encryption takes some work but is clearly doable because every phone, every web browser, every laptop computer, wifi networks are encrypted,” said Nadia Heninger, a UCSD professor of computer science. “This is a pervasive thing. And so to not have it be universal for satellite communications is quite surprising.”
Henninger said phone calls in urban areas, sent and received by cell phone towers, remain encrypted. But it can be different if you’re calling from remote areas.
There, she says, cell phone towers have to relay the signal to a satellite, where the encryption can be stripped before it reaches the person being called.
The good news, said Schulman, is when they told people their communications were intercepted and not encrypted, they fixed the problem.
“Depending on the organization, some fixed it within 24 hours. Some took a few weeks but, indeed, they realized this is very real very quickly and unfortunately I think a lot of them realized this is ultra sensitive traffic,” he said.
The research group published a paper on their findings for the ACM Conference on Computer and Communication Security in Taiwan. The headline of their paper on clear satellite communications was, Don’t Look Up.
