
A new spate of cyber exposure across industries has reignited a familiar wave of anxiety around how safe our data and systems are from bad actors. Satellites aren’t spared this scrutiny, with many commentators alleging that too many are working on older technologies with naïve understandings of how exposed data streams have become.

In the satellite industry, many conversations on this topic begin with the sobering reminder of the successful Russian cyberattack against Viasat’s KA-SAT network on February 24th 2022, the day of Russia’s full-scale invasion of Ukraine. Wiper malware termed “AcidRain” remotely erased modems and routers on the network, compromising Ukrainian command and control capability. Vulnerabilities like these are still being discovered and discussed.

A new study from the University of California San Diego (UCSD) and the University of Maryland has performed the most comprehensive public exploration into geostationary (GEO) satellite security yet, logging large amounts of unencrypted data being broadcast across 411 transponders on 39 GEO satellites, which were intercepted with a simple commercial-off-the-shelf satellite dish costing a few hundred dollars.

Material intercepted included internal corporate and government communications, private voice and SMS data and consumer internet traffic from in-flight and mobile networks. Parties whose communications were visible comprised militaries, police forces, critical infrastructure and maritime vessels. Those who agreed to be identified, having remedied their exposures or after a disclosure window had elapsed, included T-Mobile, Walmart and KPU.

“In our study, we captured sensitive corporate, industrial and governmental data that should never have been transmitted in the clear,” said Wenyi “Morty” Zhang, a Ph.D. computer science student at UCSD who led the study. “It is quite easy: if none of the layers encrypts the traffic (which happened many times), the data is broadcast exactly as-is across an entire continent-sized footprint. Anyone inside the beam can quietly collect the traffic using a consumer-grade setup, with essentially zero risk of detection.”

Satellite downlinks can have wide geographic exposure, whereas feeder and laser links are narrow and can be very directional. Within main-lobe or sidelobe coverage, interceptions like this are possible, though systems are increasingly being encrypted, with exceptions to the rule usually being less sensitive information.

Sceye Chief Technology Officer Johnny Truong said the research was commendable, but that the issue we see today goes beyond encryption.

“It is important to note that not all issues can be solved simply with stronger encryption—some vulnerabilities relate to weak authentication, hard-coded operational procedures, or legacy command structures that predate modern cybersecurity standards,” Truong told Constellations. “Poor encryption exposes tracking, telemetry and command (TT&C) channels, ranging, and onboard network buses, which require deeper architectural changes to secure beyond payload-layer cryptography.”

He identifies GEO/MEO satellites built several decades before cybersecurity became a mainstream issue that threatened all digitized industries as some of the most relevant risks in orbit.

How Big of a Blindspot is This?

It’s a mainstay of our risk-hungry economy that we often hear the full story of how exposed our systems are to danger only after they’ve blown up in our faces. Today, not many systems exist for cataloging the span of signals encryption via satellite, a blindspot the study hoped to draw attention to.


“Before our work, there were very few open-source tools that made it possible for researchers or operators to audit what was actually being transmitted over their own links,” UCSD’s Zhang said. “Because visibility of how their own traffic is sent was so poor, many organizations simply assumed everything was encrypted. Our measurements show that a lot of operators and customers still do not treat satellite links with the level of security scrutiny they deserve, and many were surprised when we disclosed what we found.”

Working within the bounds of the law, researchers contacted the companies and institutions they found to be exposed in their study. Several vendors disclosed they were still in the process of transitioning to encrypted links.

Defense departments are already austere about these kinds of cyber risks, but those understandings have yet to translate into wider technological maturities. Sceye’s Truong said this is a natural result of the nature of satellite development, refresh cycles and the complexity of their associated hardware and software.

“The inability to physically access a satellite for remediation means that any compromise of onboard software, TT&C or payload processors would become a problem,” he said. “GNSS disruption, for example, would have profound effects on timing, financial systems, aviation and telecom synchronization, even though terrestrial fallback systems like eLORAN, multi-GNSS, and position, navigation and timing (PNT) integrity services exist.”

The study didn’t observe low-Earth orbit (LEO) signals, which are more widely encrypted, but their interception risk remains if control links can be accessed without authentication, or other legacy protocols are present for exploitation.

Taking Cyber Seriously

It’s a common refrain in today’s satellite industry to describe systems as secure, with security baked in at the design level, though these conversations aren’t always matched with particularly concrete understandings of the threat, nor the convoluted measures needed to keep hackers guessing well into the future.

“The most important lesson is that the industry needs good encryption everywhere in the stack,” UCSD’s Zhang told Constellations. His recommendations include:

  • Link-layer encryption being enabled on satellite modems and transceivers.
  • Network-layer encryption such as Internet Protocol Security (IPsec) and Transport Layer Security (TLS) being used for customers using satellite backhaul.
  • Operators periodically auditing their traffic and notifying their users if they discover irregularities.
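
One way an operator could run the periodic audit recommended above against a capture of their own link, as an added example that is not from the study or its tooling. It assumes raw IPv4 packets already extracted from the link; the function names `classify` and `audit` and all sample packets are constructed for illustration.

```python
import struct
from collections import Counter
ESP, TCP, UDP = 50, 6, 17  # IANA IP protocol numbers

def classify(pkt):
    """Return (verdict, destination port) for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4", None
    proto, l4 = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]  # protocol field, bytes after IP header
    if proto == ESP:
        return "ipsec-esp", None  # network-layer encryption present
    if proto == TCP and len(l4) >= 20:
        payload = l4[(l4[12] >> 4) * 4:]  # skip TCP header and options
    elif proto == UDP and len(l4) >= 8:
        payload = l4[8:]
    else:
        return "other", None
    dport = struct.unpack("!H", l4[2:4])[0]
    if not payload:
        return "no-payload", dport
    # TLS record header: content type 20-23, then major version byte 0x03.
    if proto == TCP and 20 <= payload[0] <= 23 and payload[1:2] == b"\x03":
        return "tls", dport
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if printable / len(payload) >= 0.9:
        return "cleartext", dport
    return "unknown-binary", dport  # encrypted, compressed or binary: review by hand

def audit(packets):
    """Tally verdicts and list the destination ports that carried cleartext."""
    results = [classify(p) for p in packets]
    tally = Counter(verdict for verdict, _ in results)
    return tally, sorted({port for verdict, port in results if verdict == "cleartext"})

# Constructed sample packets (headers built by hand, checksums left at zero).
def _ip(proto, l4):
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    return hdr + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]) + l4
def _tcp(dport, data):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data
def _udp(dport, data):
    return struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
SAMPLES = [
    _ip(TCP, _tcp(80, b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n")),
    _ip(UDP, _udp(5060, b"REGISTER sip:example.test SIP/2.0\r\n")),
    _ip(TCP, _tcp(443, bytes([22, 3, 3, 0, 5, 1, 0, 0, 1, 0]))),
    _ip(ESP, bytes([0, 0, 16, 1, 0, 0, 0, 1]) + bytes(range(200, 232))),
    _ip(TCP, _tcp(9000, bytes(range(200, 240)))),
]
```

The `unknown-binary` verdict is deliberately not counted as encrypted: binary cleartext protocols land there too and need manual review.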

Quantum-ready security can be a useful way for executives to deliver the impression of future-proof hardware, but the principle is still not widely understood, even by academics.

The idea revolves around the danger of store-now, decrypt-later (SNDL) attacks, which capture data conventionally thought to be secure because it relies on classical public-key cryptography such as Rivest-Shamir-Adleman (RSA) or Elliptic Curve Cryptography (ECC). These schemes could hypothetically be broken fairly easily with quantum algorithms, assuming sufficiently large quantum computers are used (a technology still being proven to be mass producible, let alone commercialized).

“Shor’s algorithm could crack current cybersecurity measures exponentially faster,” said Jacob Dunningham, deputy director of the Sussex Centre for Quantum Technologies. “Post-quantum cryptography, believed to be difficult even for quantum computers to solve, or leveraging quantum physics itself, [protect against quantum cyber].”

While many principles of theoretical science and the claims of emerging technologies invite skepticism, quantum technology has been spoken of more seriously in recent years, with some treating it as something of a certainty.

“Strategic actors are already preparing for a future where current cryptographic protections may not withstand quantum capabilities,” Truong said. “Post-quantum security centers on deploying post-quantum cryptography (PQC) and, where appropriate, quantum key distribution (QKD). QKD provides information-theoretic key security but requires rigorous implementation, authenticated classical channels, and secure detector hardware. PQC, on the other hand, protects classical communication paths against quantum attacks and is being standardized globally.”

Indeed, the UK National Cyber Security Centre has been working on post-quantum standards and has recently published a timeline for migration to post-quantum cryptography. It stated that the highest priority data should be migrated by 2031 and the remainder by 2035.

“The danger to all this is data harvesting,” Dunningham said. “If the most sensitive data has not been migrated to PQC until 2031 and you want that information to remain secure for, say, 10 years, then we would need to be sure that a quantum computer capable of cracking current security algorithms is not a reality before 2041. Given current progress with quantum computers, that is far from assured.”

An Alternative at the Stratosphere?

High-altitude pseudo-satellites (HAPS) can play a unique role as sovereign, trusted skyborne nodes for PQC or QKD key distribution—offering stable geometry, national control, and tight beam confinement that limit interception opportunities. Together, these approaches form a path toward resilient, future-proof secure communications.


Sceye believes some of these risk vectors can be addressed by deploying HAPS, which can launch, operate and even land inside national jurisdiction, while positioning themselves to avoid unnecessary liabilities like wide-area downlink leakage while being close enough to shoot down in the unlikely event of total compromise—a highly dangerous option for satellites.

“Sceye’s HAPS platforms benefit from fundamental advantages in physics and sovereignty,” Truong said. “Operating at ~20 km inside national airspace and with fast development and launch cycles, this means far fewer opportunities for adversaries to position themselves within a recoverable signal path or physically destroy the HAPS itself.”

HAPS beams are narrower (shorter distance means higher gain, which means a tighter footprint), with persistent, uninterrupted connectivity and the ability to move on a variable trajectory, all of which reduces risk.

The unfortunate truth is that no platform is immune to cyber risk, given that the sophistication of modern hacking capabilities is advanced, poorly understood and evolving over accelerating timeframes. There may be no true silver bullet for cyberattacks, with the future of this economic bugbear merely being its slow transition into an increasingly familiar foe.
