from the whoops dept

For many many years, experts have warned about massive longstanding flaws in Signaling System 7 (SS7, or Common Channel Signaling System 7), a series of protocols used by cellular networks hackers can exploit to track user location, dodge encryption, and even record private conversations. Governments and various bad actors routinely exploit the flaw to covertly spy on wireless users around the planet without them ever knowing. We’ve done a piss poor job of fixing the problem.

Now Wired points to a new study that indicates that the planet’s satellite communications may not be any more secure. A team of researchers at UC San Diego and the University of Maryland found that nearly half of all geostationary satellite signals aren’t properly encrypted. That includes a lot of highly sensitive corporate, government, and military communications.

Worse, the traffic can be intercepted with roughly $800 worth of off the shelf equipment. In their case, the researchers used a $800 satellite receiver system on the roof of a university building in San Diego. They were able to snoop on a wide variety of data they assumed would have been encrypted, including the communications of many T-Mobile customers and important utility communications:

“It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” says Aaron Schulman, a UCSD professor who co-led the research. “And just time and time again, every time we found something new, it wasn’t.”

The researchers have spent the last year contacting companies to let them know they should encrypt their traffic, with mixed results. As we’ve seen with cellular networks and the SS7 flaw, **knowing **there’s a very serious problem doesn’t necessarily mean it’s fixed; that flaw is still being exploited by intelligence agencies despite more than a decade of warnings.

Not too surprisingly, the researchers assume this problem, like the SS7 issue, has long been exploited by intelligence agencies who are happy the problem hasn’t been addressed:

“It’s crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Green says. “This paper will fix a very small part of the problem, but I think a lot of it is not going to change. I would be shocked,” Green adds, “if this is something that intelligence agencies of any size are not already exploiting.”

The discovery comes as the Trump administration takes a hatchet to the U.S. government’s ability to adequately protect the country. The administration has gutted government cybersecurity programs, including a board investigating the biggest Chinese hack of U.S. telecom networks in history.

The Trump administration has also fumbled FCC efforts to shore up internet of things (IOT) security in Chinese smart home devices, clumsily dismantled the Cyber Safety Review Board (CSRB) (responsible for investigating significant cybersecurity incidents), and randomly fired oodles of folks doing essential work at the Cybersecurity and Infrastructure Security Agency (CISA).

What could possibly go wrong?

Filed Under: cellular, encryption, intelligence, privacy, satellite, security, snooping, telecom