Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data (wired.com)
- Reference: 0179777936
- News link: https://science.slashdot.org/story/25/10/14/1043236/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data
- Source link: https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
The researchers also obtained data from airline passengers using in-flight Wi-Fi, communications from electric utilities and offshore oil and gas platforms, and US and Mexican military communications that revealed personnel locations and equipment details. The exposed data resulted from telecommunications companies using satellites to relay signals from remote cell towers to their core networks.
The researchers examined only about 15% of global satellite transponder communications and presented their findings at an Association for Computing Machinery conference in Taiwan this week. Most companies warned by the researchers have encrypted their satellite transmissions, but some US critical infrastructure owners have not yet added encryption.
[1] https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
We get signal (Score:2, Offtopic)
Main screen turn on
Location specific? (Score:2)
> UC San Diego
Oops AT&T Mexico left off encryption? Taking money from both the Mexican govt and cartels, while f'ing them both over? Meanwhile whereever else it was "accidentally" left off, was turned back on? Or is now at least
End to end (Score:4)
And that's why end-to-end encryption is the only sort which can be trusted by the ends. None of this "SSL added and removed here" stuff. But of course governments strongly discourage its use, and especially any way to make it easier to use, because they want to eavesdrop.
Re: (Score:2)
Exactly. Because end-to-end is the only way to ensure it is done competently, or as the story indicates, done at all.
Re: (Score:2)
Apple Messages - blue bubbles; not green bubbles - are end-to-end, though I did see something about "not encrypted on the iCloud server." Dunno if that applies anymore, since the article was from 4 years ago.
This is reminiscent (Score:3)
This is reminiscent of the satellite hackers inf the late 70's and into the 80's. They used to figure out the satellite down-link codes for a lot of the cable TV channels and publish them. If you had a programmable satellite receiver you could plug the codes in and get those channels for free. However the codes changed every month so you may or may not get the same channels every month. It just depended on what codes the satellite hackers were able to "glean" that month.
What complete morons transmit secrets ... (Score:2)
... without effective encryption? I mean some _basic_ skill is required to keep secrets. Looks like these people do not have it.
Geostationary satellite are hard to upgrade (Score:1)
Geostationary satellite are hard to upgrade since they are so far away and an upgrade might be required if the hardware on board does any kind of packet inspection which remains a question to me. Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.
Re: (Score:3, Insightful)
> Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.
There should really be two levels of encryption. One level of encryption through the satellite provide and another level of encryption by the data sending, to protect their data from being seen by the satellite provider. This is a two fold mistake.
Re: (Score:2)
Most applications transmit over SSL anyway, meaning the data is encrypted behind the link layer, at the application layer. Just because you check your bank balance over unencrypted networking, doesn't mean SSL is invalidated. At worst, someone could tell someone in your household is talking to your bank's servers at that time.
Re: (Score:2)
>> Application level encryption (packet payloads) should still work although so maybe the satellites have nothing to do with it if applications using them don't bother to encrypt their payloads.
> There should really be two levels of encryption. One level of encryption through the satellite provide and another level of encryption by the data sending, to protect their data from being seen by the satellite provider. This is a two fold mistake.
Isn't this sort of like arguing that IP should have always-on encryption? Not everyone wants or needs encryption, and some may prioritize speed or power instead.
Re: (Score:1)
If they are only relaying data I guess it would be an easy fix, just send the data up encrypted and it just passes it along. But if they are actually needing to interact with the data I guess that's a problem.
Re: (Score:2)
Too far away?
I don't think you know how these satellites work.
They have communication links. You don't have to send a technician up to the satellite to upgrade the software ;)
"They collected phone calls and text messages from more than 2,700 T-Mobile users in just nine hours of recording.
The researchers also obtained data from airline passengers using in-flight Wi-Fi, communications from electric utilities and offshore oil and gas platforms, and US and Mexican military communications that revealed personnel