15 October, 2025: T-Mobile has been in touch to provide some extra information about the encryption the researchers discovered it was using after being informed of the breach. The information is as follows:
‘This was a misconfiguration with a vendor who currently manages less than 50 backhaul cell sites… T-Mobile immediately addressed a vendor’s technical misconfiguration that affected a limited number of cell sites using geosynchronous satellite backhaul in remote, low-population areas, as identified in this research from 2024. This was not network-wide, is unrelated to our T-Satellite direct-to-cell offering, and we implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content.’
A team of researchers from UC San Diego and the University of Maryland have published a study [PDF warning] detailing their attempts to pick up unsecured information from the airwaves using a basic receiver system. Over the course of three years, the team pointed their off-the-shelf residential dish at various geostationary satellites and interpreted the data, and were shocked by what they found.
Using a $180 satellite dish and roof mount, a $195 motor system, and a $230 tuner card, the team say they were able to pick up samples of the contents of US calls and text messages on the T-Mobile cellular network, along with data from in-flight Wi-Fi and utility infrastructure comms from oil rigs and electricity providers. Perhaps more troubling, however, was that military and law enforcement communications were also said to be easily accessible, revealing the locations of personnel, equipment, and facilities.
“They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Schulman continues. “They just really didn’t think anyone would look up.”
What’s also troubling is the relatively small scale of the researchers’ efforts. Using their easily obtainable equipment from a San Diego location, they were only able to pick up signals from roughly 15% of satellites currently in operation, yet discovered numerous unencrypted communications—suggesting the problem may be more widespread than initially thought.
At one point, during a nine-hour recording session of T-Mobile’s backhaul satellite communications, the researchers say they were able to view phone numbers, calls, and text messages from over 2,700 users. There is a small glimmer of hope, however, in that the team was only able to pick up data from one side, meaning that the data the users were receiving was open to access, not data being sent from their devices. Essentially, a one-sided conversation—but a leaked one, nonetheless.
The team seem keen to point out that they didn’t actively intercept any of these communications, instead passively listening to what the receiver picked up.
“When we saw all this, my first question was, did we just commit a felony? Did we just wiretap?” says co-leader of the study Professor Dave Levin.
However, it appears that all that was needed to receive the unencrypted data was a small set of equipment, and the knowledge of how to use it. “These signals are just being broadcast to over 40 percent of the Earth at any point in time,” said Levin.
The team say they were also able to receive unencrypted internet communications from US military sea vessels, and were able to discern the vessel’s names as a result. However, data from Mexican military and law enforcement authorities seems far more detailed. The team say they were able to pick up the unprotected transmission of intelligence information on narcotics tracking, as well as military asset tracking and maintenance records for helicopters, sea vessels, and armoured vehicles, along with locations and mission details.
The team has since notified the companies and agencies affected by the unencrypted information, with varying results. According to the researchers, T-Mobile, Walmart, and KPU have been re-scanned since being informed of the data breach and are now using some form of encryption, although other unnamed parties still appear to be broadcasting without a fix.
It’s truly astonishing how much data the team was able to intercept with a relatively budget set of equipment, and it does make you wonder how easy it would be for less scrupulous entities to do the same. The researchers acknowledge that their work may enable others to begin tracking satellite communications, and that intelligence agencies with far superior equipment are likely to have been analysing the same unencrypted data.
However, they argue that the study may force more satellite communications providers to tighten up their security protocols. Schulman says: “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it.”
Best PC gaming kit 2025
link