Don’t look up: There are sensitive internal links in the clear on GEO satellites (39c3)

We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. In this talk, we will cover our hardware setup, alignment techniques, our parsing code, and survey some of the surprising finds in the data. This talk will include some previously unannounced results. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/don-t-look-up-there-are-sensitive-internal-links-in-the-clear-on-geo-satellites