Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf]
Scale and Nature of the Exposure
- Commenters are stunned by the paper’s examples: unencrypted satellite backhaul carrying T‑Mobile SMS/voice and web traffic, AT&T Mexico user traffic, TelMex VoIP calls, Mexican government and military traffic, Walmart Mexico corporate emails and credentials, and SCADA/utility control systems.
- Some of the most sensitive leaks include real-time military object telemetry and ship identifiers.
- A few affected organizations reportedly fixed issues after disclosure (e.g., T‑Mobile, Walmart, KPU), but the status of many others remains unclear.
Why Links Remain Unencrypted
- Cited reasons from the paper/Q&A: encryption overhead on already scarce bandwidth, extra power and hardware cost for remote receivers, paid “encryption licenses” from vendors, and operational pain (troubleshooting, emergency reliability).
- Commenters add: very old satellite hardware lifecycles, vendor excuses (e.g., 20–30% “capacity loss” with IPsec), and a culture that undervalues security versus “build and sell.”
- Economic incentives are weak: decision-makers rarely face personal consequences; liability is often diffused or shielded by EULAs and weak data‑protection enforcement.
Where Encryption Should Happen
- One camp: satellites can be dumb repeaters; all endpoints and intermediate networks should assume the link is hostile and use TLS/IPsec/application-level crypto.
- Others counter that average users (e.g., airline passengers) can’t reasonably be blamed for unencrypted DNS and other leaks; satellite ISPs or airlines should enforce encryption by default, similar to cellular networks.
- Metadata leakage is discussed: even with “dumb pipes,” unencrypted headers and identifiers can reveal location and activity.
TLS Everywhere and Centralization
- Several comments connect the paper’s finding (“almost all consumer web/app traffic used TLS/QUIC”) to the long push for HTTPS‑by‑default.
- Debate over what drove adoption: Google search ranking, Let’s Encrypt, HSTS/Chrome warnings, and post‑Snowden surveillance concerns vs. more cynical takes that big platforms mainly wanted to protect commercial data and ad revenue from ISPs.
- Some argue the TLS push both improved privacy and pushed traffic through large intermediaries like Cloudflare, creating new centralization and operational burdens.
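An added example, not code from the paper or the thread, of the passive audit that the "assume the link is hostile" camp implies and that the paper's TLS/QUIC measurement rests on: classify the leading payload bytes of each flow as TLS, QUIC, a GTP-U cellular tunnel, or a known cleartext protocol, and count the cleartext share. The packet records, ports and payloads are constructed samples; the GTP-U case is reported separately because a tunnel is not encryption.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    dst_port: int
    payload: bytes   # first bytes of the transport payload

def classify(pkt: Packet) -> str:
    p = pkt.payload
    # TLS record header: type 0x16 (handshake), version bytes 0x03 0x01..0x04.
    if pkt.proto == "tcp" and len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] in (1, 2, 3, 4):
        return "tls"
    # QUIC long header: form bit (0x80) and fixed bit (0x40) both set.
    # Short-header QUIC packets are not recognised here and fall through to "unknown".
    if pkt.proto == "udp" and len(p) >= 5 and (p[0] & 0xC0) == 0xC0:
        return "quic"
    # GTP-U (cellular user plane, UDP 2152): GTPv1 version bits 001, message type 0xFF (G-PDU).
    # The tunnel adds no confidentiality; the inner IP packet still needs its own encryption.
    if pkt.proto == "udp" and pkt.dst_port == 2152 and len(p) >= 2 and (p[0] & 0xE0) == 0x20 and p[1] == 0xFF:
        return "gtpu-tunnel"
    if pkt.proto == "udp" and pkt.dst_port == 53:
        return "dns-cleartext"
    if pkt.proto == "tcp" and p[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "http-cleartext"
    if p.startswith((b"INVITE sip:", b"REGISTER sip:", b"SIP/2.0")):
        return "sip-cleartext"
    return "unknown"

def audit(packets):
    """Per-class counts plus the number of packets that are definitely cleartext."""
    counts = Counter(classify(p) for p in packets)
    cleartext = sum(n for cls, n in counts.items() if cls.endswith("-cleartext"))
    return {"counts": dict(counts), "cleartext": cleartext, "total": len(packets)}

# Constructed samples (not real captures); only the leading bytes matter to classify().
SAMPLE_PACKETS = [
    Packet("tcp", 443, b"\x16\x03\x01\x00\xf0\x01\x00\x00\xec\x03\x03"),
    Packet("udp", 443, b"\xc3\x00\x00\x00\x01\x08"),
    Packet("udp", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    Packet("tcp", 80, b"GET /login HTTP/1.1\r\nHost: example.invalid\r\n"),
    Packet("udp", 5060, b"INVITE sip:alice@example.invalid SIP/2.0\r\n"),
    Packet("udp", 2152, b"\x30\xff\x00\x40\x00\x00\x00\x01"),
    Packet("tcp", 8080, b"\x00\x01\x7f\x3a"),
]
```

On these samples audit() reports 3 of 7 packets as cleartext; "unknown" is neither proof of encryption nor of exposure, so a real audit would inspect those flows further.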
Broader Security & Threat Perspectives
- The satellite situation is framed as part of a wider pattern: pagers, hospital/government systems, and industrial control links still send highly sensitive data in cleartext.
- Some downplay the risk due to volume and difficulty of sifting traffic; others note that targeted interception of backhauled cellular/SMS or SCADA traffic is clearly exploitable, especially by intelligence services.