That suggests anyone could set up similar hardware somewhere else in the world and likely obtain their own collection of sensitive information. After all, the researchers restricted their experiment to only off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, totaling less than $800.
“This was not NSA-level resources. This was DirecTV-user-level resources. The barrier to entry for this sort of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and law professor at Georgetown Law. “By the week after next, we will have hundreds or perhaps thousands of people, many of whom won’t tell us what they’re doing, replicating this work and seeing what they can find up there in the sky.”
One of the only barriers to replicating their work, the researchers say, would likely be the hundreds of hours they spent on the roof adjusting their satellite. As for the in-depth, highly technical analysis of obscure data protocols they obtained, that may now be easier to replicate, too: The researchers are releasing their own open-source software tool for interpreting satellite data, also titled “Don’t Look Up,” on Github.
The researchers’ work may, they acknowledge, enable others with less benevolent intentions to pull the same highly sensitive data from space. But they argue it will also push more of the owners of that satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it,” says Schulman.
There’s little doubt, they say, that intelligence agencies with vastly superior satellite receiver hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in a 2022 security advisory about the lack of encryption for satellite communications. At the same time, they assume that the NSA—and every other intelligence agency from Russia to China—has set up satellite dishes around the world to exploit that same lack of protection. (The NSA did not respond to WIRED’s request for comment).
“If they aren’t already doing this,” jokes UCSD cryptography professor Nadia Heninger, who co-led the study, “then where are my tax dollars going?”
Heninger compares their study’s revelation—the sheer scale of the unprotected satellite data available for the taking—to some of the revelations of Edward Snowden that showed how the NSA and Britain’s GCHQ were obtaining telecom and internet data on an enormous scale, often by secretly tapping directly into communications infrastructure.
“The threat model that everybody had in mind was that we need to be encrypting everything, because there are governments that are tapping undersea fiber optic cables or coercing telecom companies into letting them have access to the data,” Heninger says. “And now what we’re seeing is, this same kind of data is just being broadcast to a large fraction of the planet.”
Services Marketplace – Listings, Bookings & Reviews