Executive Summary
In mid-2025, a landmark study revealed that a vast portion of global geostationary satellite communications, including critical infrastructure, government, corporate, and consumer data, is transmitted unencrypted. Security researchers, using inexpensive commercially available satellite equipment, intercepted highly sensitive transmissions such as internal communications, private calls and SMS, and in-flight internet traffic. Because thousands of geostationary transponders broadcast across enormous geographic areas, these unprotected signals can be passively accessed by unauthorized parties from virtually anywhere within satellite coverage zones, putting confidential data at significant risk of interception and exploitation.
This incident underscores a persistent and growing concern regarding the lack of robust encryption in satellite communications, even as regulations and cyber threats evolve rapidly. Increasing satellite connectivity for aviation, maritime, and remote access drives urgency around encryption, as adversaries and data brokers exploit these vulnerabilities on a global scale.
Why This Matters Now
With the proliferation of satellite internet and expanding reliance on space-based communications, failure to encrypt data in transit leaves critical systems, organizations, and citizens exposed to passive interception. Threat actors can access sensitive information with minimal technical effort, making urgent improvements in satellite traffic encryption an immediate priority for global privacy and security.
Attack Path Analysis
Attackers leveraged the lack of encryption on satellite communications to passively intercept sensitive data without requiring access to the target environment. No privilege escalation or lateral movement within cloud infrastructure occurred, as the attack relied solely on unprotected data in transit. Attackers maintained ongoing visibility into traffic (acting as command and control) by continued interception. Large-scale exfiltration was possible simply through eavesdropping on broadcast flows. The impact included unintended exposure of confidential corporate, government, and citizen information with potential regulatory and reputational consequences.
Kill Chain Progression
Initial Compromise
Description
Attackers used commercial satellite equipment to intercept unencrypted data in transit, exploiting a lack of transport encryption.
MITRE ATT&CK® Techniques
Network Sniffing
Automated Exfiltration
Masquerading
Data from Local System
Exfiltration Over C2 Channel
Hardware Additions
Application Layer Protocol
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Render Stored Account Data Unreadable
Control ID: 3.4.1
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA (Digital Operational Resilience Act) – Information Security Standards
Control ID: Article 9, Sec. 2
CISA Zero Trust Maturity Model 2.0 – Data Encryption in Transit and at Rest
Control ID: Data Pillar – Encryption
NIS2 Directive – Security of Network and Information Systems - Encryption
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Airlines/Aviation
In-flight Wi-Fi and satellite communications expose passenger data and operational systems through unencrypted geostationary satellite traffic, requiring immediate encryption implementation.
Telecommunications
Mobile network satellite backhaul transmits unencrypted voice calls and SMS globally, creating massive information disclosure risks across consumer communications infrastructure.
Government Administration
Internal government communications broadcast unencrypted via satellite create national security vulnerabilities, exposing sensitive operations to passive interception with consumer hardware.
Utilities
Critical infrastructure control systems using satellite communications face information disclosure threats from unencrypted traffic observable across 40% of Earth's surface.
Sources
- A Surprising Amount of Satellite Traffic Is Unencrypted: https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satellite-traffic-is-unencrypted.html
- Study Finds Widespread Eavesdropping Risks in Geostationary Satellite Communications: https://www.cs.umd.edu/article/2025/11/study-finds-widespread-eavesdropping-risks-geostationary-satellite-communications
- Satellites found exposing unencrypted data, including phone calls and some military comms: https://techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/
- Unencrypted Satellites Leak Sensitive Data to Anyone Listening: https://www.techreviewer.com/tech-news/2025-10-14-unencrypted-satellites-leak-sensitive-data-to-anyone-listening/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Robust encryption of data in transit and egress security controls would have rendered intercepted satellite traffic unintelligible to adversaries, preventing disclosure at the source. Distributed CNSF controls enforcing transport encryption, continuous monitoring, and centralized policy across hybrid environments directly mitigate the observed threat, ensuring sensitive traffic cannot be captured in the clear.
Control: Encrypted Traffic (HPE)
Mitigation: Prevented interception of readable traffic.
Control: Egress Security & Policy Enforcement
Mitigation: Blocked disclosure of authentication data leaving controlled environments.
Control: Zero Trust Segmentation
Mitigation: Reduced risk of pivoting from compromised credentials.
Control: Multicloud Visibility & Control
Mitigation: Detected atypical traffic patterns and shadow egress.
Control: Egress Security & Policy Enforcement
Mitigation: Prevented unencrypted or unauthorized data exfiltration.
Minimized scope and downstream effects of attacks.
Impact at a Glance
Affected Business Functions
- Telecommunications
- Aviation
- Critical Infrastructure Operations
- Military Communications
Estimated downtime: N/A
Estimated loss: N/A
The lack of encryption in geostationary satellite communications has led to the exposure of sensitive data, including private voice calls, text messages, internet traffic from in-flight Wi-Fi, and critical infrastructure communications. This data can be intercepted by individuals with minimal investment in consumer-grade hardware, posing significant privacy and security risks.
Recommended Actions
Key Takeaways & Next Steps
- Mandate encryption (e.g., MACsec/IPsec/VPN) for all data in transit over satellite and hybrid networks.
- Deploy centralized egress security enforcement to ensure sensitive data is never transmitted in the clear.
- Implement zero trust segmentation and identity-aware controls to prevent exposure and lateral movement following any credential leaks.
- Enhance multicloud traffic visibility and continuous monitoring to detect unauthorized or shadow traffic paths.
- Regularly audit configuration and encryption posture across all edge, satellite, and cloud network segments.
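One way to run the encryption-posture audit recommended in the last item, as an added example that is not part of the original page: it labels sampled packets leaving a satellite-facing link as encrypted, opaque, or cleartext. The interface name `vsat0`, the packet record fields, and the entropy threshold are assumptions made for illustration, and the sample capture is constructed.

```python
import hashlib
import math
from collections import Counter

SAT_LINKS = {"vsat0"}  # assumption: name of the satellite-facing interface

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(pkt: dict) -> str:
    """Label one sampled packet as 'encrypted', 'opaque' or 'cleartext'."""
    p = pkt["payload"]
    if pkt["ip_proto"] == 50:                            # ESP (IPsec)
        return "encrypted"
    if pkt["ip_proto"] == 17 and pkt["dport"] == 4500:   # IPsec NAT-T (ESP/IKE in UDP)
        return "encrypted"
    # TLS record header: content type 20-23, protocol version 3.x
    if pkt["ip_proto"] == 6 and len(p) >= 3 and 20 <= p[0] <= 23 and p[1] == 3 and p[2] <= 4:
        return "encrypted"
    # High entropy without known framing: encrypted, compressed or scrambled.
    # Short samples cannot reach high entropy, so require at least 512 bytes.
    if len(p) >= 512 and entropy(p) > 7.0:
        return "opaque"
    return "cleartext"

def audit(packets: list) -> list:
    """Return (flow, label) for satellite-link packets not provably encrypted."""
    findings = []
    for pkt in packets:
        if pkt["link"] in SAT_LINKS:
            label = classify(pkt)
            if label != "encrypted":
                findings.append((pkt["flow"], label))
    return findings

# Deterministic high-entropy bytes standing in for ciphertext
CIPHERTEXT = hashlib.shake_256(b"constructed").digest(1024)

# Constructed sample capture (not real traffic)
SAMPLE = [
    {"flow": "pbx->core sip", "link": "vsat0", "ip_proto": 17, "dport": 5060,
     "payload": b"INVITE sip:ops@example.invalid SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.0.5\r\n"},
    {"flow": "site-to-site esp", "link": "vsat0", "ip_proto": 50, "dport": 0, "payload": CIPHERTEXT},
    {"flow": "portal tls", "link": "vsat0", "ip_proto": 6, "dport": 443, "payload": b"\x17\x03\x03\x04\x00" + CIPHERTEXT},
    {"flow": "telemetry udp/9000", "link": "vsat0", "ip_proto": 17, "dport": 9000, "payload": CIPHERTEXT},
    {"flow": "intranet http", "link": "fiber0", "ip_proto": 6, "dport": 80, "payload": b"GET / HTTP/1.1\r\n"},
]
```

`audit(SAMPLE)` reports the SIP flow as cleartext and the unframed UDP flow as opaque; opaque flows need manual review, since compression also produces high entropy.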



