https://archive.md/QMvAI

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

  • stoy@lemmy.zip
    link
    fedilink
    English
    arrow-up
    76
    arrow-down
    1
    ·
    12 days ago

    I remember reading that drug cartells in South America are using disused military communications satellites.

    These satellites simply takes a signal recieved on one band and rebroadcast it on another band over a wide area, so as long as the satellite can pick up your signal you can basically talk to an entire continent at once, all while remaining anonymous.

      • ferret@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        37
        arrow-down
        1
        ·
        12 days ago

        Nope, lol. These suckers are fucking ancient. There isn’t any processing, you can’t overload something that isn’t actually reading the data or using a protocol.

        • vacuumflower@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          12 days ago

          They still use energy, no? To relay signals on another frequency. That should come from somewhere, and also the more different signals, the more noise. And without their input frequency being regulated, there must be lots of noise.

          • Arkthos@pawb.social
            link
            fedilink
            English
            arrow-up
            20
            ·
            12 days ago

            You can do this same attack on any antenna, noise can’t be protocolled away. Repeating both signal and noise is a downside to bent-pipe setups.

            Input frequencies are regulated via band-pass filters.

            • vacuumflower@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              12 days ago

              I’m not talking about technical things, just that IRL on regulated frequencies one can do something because people using it for bullshit are legally prosecuted. Depends on wavelength, of course.

              But OK, now I think I get what you are talking about.

      • Theoriginalthon@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        12 days ago

        Well the biggest steps I’m going to assume are having a satellite dish, knowing where to point it, knowing what to send, then hope that someone is listening. Much easier for a hooligan to throw a rock at someone or find a can of spray paint

  • treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    7
    ·
    13 days ago

    “Generally, our users choose the encryption that they apply to their communications to suit their specific application or need,” says a spokesperson for SES, the parent company of Intelsat. “For SES’s inflight customers, for example, SES provides a public Wi-Fi hot spot connection similar to the public internet available at a coffee shop or hotel. On such public networks, user traffic would be encrypted when accessing a website via HTTPS/TLS or communicating using a virtual private network.”

    Can’t decide the side of the fence I am on for this. Of course the vast majority of Internet traffic across the world is unencrypted. Anyone could be on the line between me and this Lemmy instance, just as they could if there was a satellite between us. However, you’re also broadcasting it to like 25% of the globe and not even making any kind of physical infrastructure efforts.

    Quest can’t entirely guarantee nobody will snoop a fiber line, but they do bury them.

      • treadful@lemmy.zip
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        12 days ago

        I should’ve been more clear, I didn’t mean the data, but at the protocol level it’s all open.

        Same with the Internet traffic through these satellites.

        • Natanael@infosec.pub
          link
          fedilink
          English
          arrow-up
          5
          ·
          12 days ago

          You should be clear with the difference between link encryption and application encryption here

        • Cocodapuf@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          12 days ago

          I mean, some parts of the protocols we use for the Internet need to be in the clear to work, DNS comes to mind. If you want that kept private as well you need to use something like tor.

          But regardless, what people generally actually care about keeping secret is the content, not the protocol.

          • treadful@lemmy.zip
            link
            fedilink
            English
            arrow-up
            3
            ·
            12 days ago

            I mean, some parts of the protocols we use for the Internet need to be in the clear to work, DNS comes to mind. If you want that kept private as well you need to use something like tor.

            Not really. We also have DNS over HTTPs, DNS over TLS, and DNSCrypt which are all becoming more popular. But that’s still application level data that I’m not really talking about.

            But regardless, what people generally actually care about keeping secret is the content, not the protocol.

            A lot of information can be gleaned from protocol metadata though. Source, destination, which applications are being used, maybe more depending on protocols. Not exactly information I want to be easily available to the public, but also not exactly critical either.

    • Arkthos@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      12 days ago

      Typically satellites have beams they turn on and off to service different areas, with one beam pointing towards the RAN that receives the data rather than just repeating a broadcast out to everywhere the satellite can theoretically reach. For mobile telecom backhaul via satellite it is standardized that the data should be encrypted for untrusted transport links so this seems to me like an issue of not following specs.