Last year, a group of researchers at UC San Diego and the University of Maryland revealed a startling discovery utilizing an inexpensive satellite receiver system made with off-the-shelf components – not purpose-built spyware. Following three years of data collection and analysis from a vantage point in La Jolla, the team was able to collect a myriad of confidential data from geosynchronous satellites.
As mobile network operators, including AT&T, T-Mobile, Vodafone, and others, adopt non-terrestrial networks to expand coverage, the study highlights the need for stronger security provisions. In this research note, I will outline the types of confidential data intercepted, the initial responses from operators, and what should be considered in the longer term.
What Data Was Intercepted?
The team of researchers published its findings in a paper presented at the ACM SIGSAC Conference on Computer and Communications Security earlier this year in Taipei. It is a highly technical read, but at a high level, it centers on the lack of security controls of IP backhaul traffic carried over geostationary satellites. The team found that half of the GEO links analyzed contained unencrypted traffic. It is a surprising discovery, especially given that basic link-layer-based encryption has been used for consumer satellite television broadcast services for years.
Specifically, the intercepted unencrypted traffic included end-user voice calls and SMS, utility service industrial control signals, various internal corporate communications, including login credentials, military asset tracking, banking and ATM traffic, aviation communications, such as passenger Wi-Fi browsing and aircraft data, and more. Granted, the study involved a small sample – likely only 15% of all GEO satellites measured across thirty-nine GEO satellites, twenty-five distinct longitudes, and over four hundred transponders. However, it raises substantial concerns given the types of data exposed that are tied to personally identifiable information, defense, and critical infrastructure.
Initial Communication Service Provider Responses
Upon the research findings, AT&T Mexico immediately addressed its misconfigured satellite links. The company is also in the process of extending its dedicated internet Dynamic Defense security platform across its fiber and fixed wireless access broadband and mobility services, and eventually to its partnership with AST SpaceMobile to secure low-earth orbit satellite/ non-terrestrial network communications.
T-Mobile also responded quickly, given that it exposed voice and SMS data. The company issued a statement that only a limited number of cell sites were affected, primarily in remote and less densely populated areas of the United States.
Longer Term Considerations
The study makes several obvious recommendations. Among these, encrypt satellites at the link and network/transport layers, use end-to-end application encryption whenever possible, continually audit and monitor satellite-based backhaul and communications, and evaluate the need to address legacy deployment gaps given the variety and age of the satellite infrastructure.
From my perspective, AT&T’s Dynamic Defense platform is a model for other communication service providers to adopt. It is integrated directly into AT&T’s network layer, providing additional security controls beyond links, along with zero-trust agents and end-to-end encryption regardless of connectivity type. AT&T is also wisely partnering with Palo Alto Networks to integrate the cybersecurity platform leader’s services natively into its network. Furthermore, AT&T is already collaborating with AST SpaceMobile and Bell Labs to enhance further its defense of NTN communications, including the integration of security into the underlying infrastructure. In total, it represents a holistic, secure-by-design strategy, one that has the potential to address the concerns related to securing satellite communications recently raised by academic researchers.
A New Cybersecurity Category?
This is a learning moment for non-terrestrial network communications, especially given recent news of AT&T offering its own direct-to-device beta satellite service with AST SpaceMobile in the first half of 2026. Low-earth orbit satellite deployments from AST SpaceMobile, Starlink, and others, in partnership with operators, are poised to provide disruptive and cost-effective scale to bridge the digital divide. However, in the new space race, robust security controls are necessary to ensure widespread adoption and protect critical infrastructure, financial services, and national defense. A new NTN cybersecurity category will likely materialize over time as satellite constellations mature and new services are deployed.
