Researchers from the University of California, San Diego, and the University of Maryland have uncovered a massive security vulnerability in global satellite communications, revealing that approximately half of all geostationary satellite transmissions are unencrypted and accessible to anyone with basic equipment costing as little as $600.​

The groundbreaking study, titled “Don’t Look Up,” was presented on October 13, 2025, at the Association for Computing Machinery conference in Taiwan. Over three years, the research team examined 39 geostationary satellites across 25 distinct longitudes using consumer-grade equipment—essentially the same setup available to any satellite television user.​

Scope of Exposed Data

The intercepted data included thousands of T-Mobile users’ phone calls and text messages during a nine-hour recording session, revealing communications from over 2,700 users. Researchers also captured unencrypted internet communications from U.S. military vessels, along with detailed Mexican military and law enforcement tracking data for helicopters, naval vessels, and armored vehicles.​

Beyond telecommunications, the study exposed internal communications from major corporations and critical infrastructure. Researchers intercepted inventory management data from Walmart, banking transactions from Mexican financial institutions, and operational communications from electric utilities and oil platforms.​

Security Through Obscurity

“It completely astonished us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” said Aaron Schulman, UC San Diego professor who co-led the research. “And just time and time again, every time we found something new, it wasn’t.”​

The researchers’ equipment—costing just $800 total—included a standard satellite dish, motor system, and tuner card. This setup allowed them to monitor only about 15 percent of operational satellite transponders from their Southern California location, suggesting the global scope of unprotected communications is far larger.​

“They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Schulman explained. “They just really didn’t think anyone would look up.”​

Industry Response

Following disclosure to affected organizations, several companies have implemented encryption fixes. T-Mobile quickly encrypted its communications after being notified in December 2024, while Walmart and KPU have also secured their systems. However, some critical infrastructure operators have yet to implement protection, according to the researchers.​

The study reveals structural disincentives for satellite encryption deployment, including additional licensing costs, bandwidth concerns, and troubleshooting complications. While satellite TV has used encryption for decades to prevent piracy, IP network traffic often lacks similar protection.​

Intelligence Agency Implications

Computer science experts warn that intelligence agencies likely already exploit these vulnerabilities with superior equipment.​

“I would be surprised if this isn’t something intelligence agencies of any size are already taking advantage of,” said Matthew Green, a Johns Hopkins cryptography professor who reviewed the study.​

The researchers acknowledged this likelihood, noting that the U.S. National Security Agency issued a security advisory in 2022 regarding the absence of encryption for satellite communications. They speculate that intelligence organizations from Russia to China have established satellite dishes globally to exploit the lack of encryption.​

The team is releasing their open-source tool for interpreting satellite data on GitHub to encourage more owners of satellite communications data to encrypt their information. While this may enable others with less altruistic motives to extract sensitive information, the researchers argue it will ultimately pressure companies and governments to adopt stronger encryption measures.​

“Billions of Calls Exposed Via Unencrypted Satellites.” 2025. Perplexity Discover, October 14, 2025. https://www.perplexity.ai/discover/you/researchers-expose-major-satel-1xKSKuHDRtq2FMAhR_0iew.

Greenberg, Andy. 2025. “Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data.” Wired, October 13, 2025. https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/.

“Researchers Warn of Global Satellite Security Crisis After Capturing Unencrypted Military, Law Enforcement and Telecom Data.” 2025. Homeland Security Today, October 14, 2025. https://www.hstoday.us/subject-matter-areas/cybersecurity/researchers-warn-of-global-satellite-security-crisis-after-capturing-unencrypted-military-law-enforcement-and-telecom-data/.

Shaikh, Kaif. 2025. “Satellites Are Leaking Private Messages and Sensitive Military Data.” Interesting Engineering, October 13, 2025. https://interestingengineering.com/culture/satellites-are-leaking-data-time.

“Unencrypted Satellites Expose Global Communications.” 2025. Security Affairs, October 14, 2025. https://securityaffairs.com/183404/hacking/unencrypted-satellites-expose-global-communications.html.

Walton, Jarred. 2025. “’They Just Really Didn’t Think Anyone Would Look Up’ — Researchers Snooped on Unencrypted Satellite Data with Basic Equipment, Finding Private Calls, Text Messages, and Even Military Communications.” PC Gamer, October 14, 2025. https://www.pcgamer.com/software/security/they-just-really-didnt-think-anyone-would-look-up-researchers-snooped-on-unencrypted-satellite-data-with-basic-equipment-finding-private-calls-text-messages-and-even-military-communications/.

Zhang, Wenyi Morty, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger, and Aaron Schulman. 2025. “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites.” In Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘25), October 13–17, 2025, Taipei, Taiwan. https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf.