Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf]

Posted by dweekly 10/14/2025

Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf](satcom.sysnet.ucsd.edu)

555 points | 138 commentspage 2

atarvaneitor 10/14/2025|

Does anyone remember the days when you pointed a 60cm antenna at the Hispasat 30W and connected your DVB-S2 tuner in Windows, Using Crazycat's BDADataEx, you tuned an IP data transponder. Using a technique called Satfish (with a software I don't remember), some files were reconstructed, usually vsat data from oil platforms... and porn.

I'm going to dust off the TBS DVB-S2X card and try to find a data transponder to test the DontLookup app. https://github.com/ucsdsysnet/dontlookup

Where I live, it's almost impossible to find any interest in FTA or pirated SAT TV.

att: ham radio operator interested in satellite radio :D

myself248 10/14/2025||

My understanding has been that the majority of FTA TV in the western hemisphere is religious in nature, and that's simply not a tempting onboarding bait for a lot of people to buy the gear and start exploring. The vast majority of satellite TV receivers in the US are propretary VSAT services, not equipped for exploring wild feeds and things.

My understanding is that elsewhere, there's a lot more interesting stuff FTA so a lot more people have the hardware, and the hardware itself is more generic. So there's just more opportunity for someone to get bored and discover a new hobby a few degrees to the side of their usual watering hole.

BonusPlay 10/14/2025||

If you're interested in the topic there's great YouTube channel that demonstrates such attacks IRL together with full tutorials. Below are 2 satellite related videos:

1) https://www.youtube.com/watch?v=2-mPaUwtqnE

2) https://www.youtube.com/watch?v=ka-smSSuLjY

jeff_lee 10/14/2025||

Who needs hackers when companies broadcast their secrets to half the planet?

immibis 10/14/2025|

Intercepting non-obvious (in the sense that you can't just, like, open your wifi menu and see them) broadcasts is still hacking. Heck, even intercepting obvious (in the sense that it says "your data is not secure" on the screen of the people communicating) broadcasts is still hacking. Doing what Firesheep does, before Firesheep, was hacking. And then someone made Firesheep and it was still hacking, but now anyone could do it by clicking a few buttons, without any hacking skill whatsoever, not even using a command line, so it was finally patched.

OnACoffeeBreak 10/14/2025||

From the Introduction: "Each satellite may carry traffic for dozens of independent networks through an array of on-board transponders, each covering a diameter of thousands of kilometers (at most a third of Earth’s surface)".

Can someone help me understand the use of "diameter" in this sentence. I am guessing it refers to the satellite's signal coverage of the Earth's surface. If that's the case, wouldn't something like arc degrees be a better measure? I just can't figure out how "diameter" can be used to describe a coverage arc or area.

jnovacho 10/14/2025||

They mean the intersection between the cone produced by the satellite and "illuminated" surface. If the antenna beam is normal to the sphere, it will produce a disk which has an diameter.

slow_typist 10/14/2025||

This, and 1/3 of earth’s surface is the maximum you can see from geostationary orbit.

alterom 10/15/2025||

Yeah, diameter is ambiguous (is it the diameter of the disk in space, or in the geometry/topology of the Earth's surface?).

Either way, they point is, it's a lot of coverage.

vzaliva 10/14/2025||

In view of this disclosure I am even more dissapointet T-mobile satellite service (via starlink) does not support Signal messenger.

drsopp 10/14/2025||

I wonder why the DOI link on the bottom left of the first page does not work:

https://doi.org/10.1145/3719027.3765198

xucheng 10/14/2025|

It’s quite common for a DOI to be assigned to a paper after it’s accepted during camera ready. However, the DOI won’t work until the conference or journal version is published on the official website (ACM in this case). The version you’re viewing now is simply a preprint directly from the authors.

feraloink 10/14/2025||

Exactly! It says this as one of the 3 reasons for DOIs not found on the error page:

>The DOI has not been activated yet.

modeless 10/14/2025||

> remarkably, nearly all the end-user consumer Internet browsing and app traffic we observed used TLS or QUIC

There was a surprising amount of resistance to the push to enable TLS everywhere on the public Internet. I'm glad it was ultimately successful.

the8472 10/14/2025||

It has improved security, but it has made it less durable. Hosts now need constant maintenance to keep up with changes to TLS policies, certificate renewal protocols and so on.

vasco 10/14/2025|||

It was only successful because Google said you'd rank higher if you did it.

yujzgzc 10/14/2025|||

It was only successful because of Let's Encrypt removing any excuse for not having HTTPS on your website, HSTS becoming a thing, and Chrome moving from gentle inducements (that cute green padlock) to nasty looking warnings if you didn't use encryption.

vasco 10/14/2025||

No, that was after, and it made it easy, but before google many people said there was no point "because their site wasnt sensitive". Those people didn't care about let's encrypt or how easy it was, they just didn't find a reason to do it. Google gave them a monetary reason to do it.

stephen_g 10/14/2025|||

Which in-turn was driven by the Snowden revelations of what the NSA was doing in terms of mass surveillance.

GuB-42 10/14/2025||

I have a more cynical view of the reason.

It is to protect commercial interests, I don't think that Google cares about the NSA looking at your personal data.

Google cares a lot about protecting the personal data they get from you, so that they and no one else can get it, at least not for free.

Because let's get real, 99% of the time, why do you need encryption? The reason is commercial activity. It is really important to protect your credit card number, otherwise no one would trust e-commerce. For paid service to work, you need to authenticate, and it means encryption, no paywall means no authentication and much less need for encryption. And even with "free" services, you need encryption to protect the account that shouldn't even be required in the first place. As for general communication, my guess is that hackers and governments alike are more interested in financial data than in casual conversation.

So by pushing TLS everywhere, Google is actually pushing for a more commercial, less open web. That it helps with general privacy (except against Google itself) is just a happy accident.

kibwen 10/14/2025||

This is remarkably naive for being self-admittedly cynical. Transmitting all web pages in the clear allows any man in the middle to spy on profile you based on the exact contents of the sites you're visiting. We know for a fact that ISPs were profiling us like this and monetizing this personal data prior to ubiquitous encryption.

fragmede 10/14/2025||

The even more unscrupulous ISPs would outright edit the HTML and images that got sent to you, removing Google's ads and injecting theirs. Which arguably Google would have cared about a lot more.

mike_d 10/14/2025||

> I'm glad it was ultimately successful.

What are you talking about? It was an absolute failure.

As soon as we got widespread TLS adoption, Cloudflare magically came along and wooed all the nerds into handing over all the plaintext traffic to a single company.

bschne 10/14/2025||

Tangential, but I was very surprised to learn recently that my country still has a more or less nationwide POCSAG pager network where only some users encrypt their traffic

elevation 10/14/2025|

As an aside, the PDF metadata says it's generated from LaTeX, but the layout and typesetting looks better than the LaTeX output I'm familiar with. Nicely done.

bobbylarrybobby 10/14/2025|

The body font appears to be Libertinus Serif (and I assume Libertinus Sans is the seldom-used sans font), which I agree look much nicer than the default Computer Modern

More comments...