Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf]

Posted by dweekly 22 hours ago

Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf](satcom.sysnet.ucsd.edu)

485 points | 119 commentspage 2

atarvaneitor 19 hours ago|

Does anyone remember the days when you pointed a 60cm antenna at the Hispasat 30W and connected your DVB-S2 tuner in Windows, Using Crazycat's BDADataEx, you tuned an IP data transponder. Using a technique called Satfish (with a software I don't remember), some files were reconstructed, usually vsat data from oil platforms... and porn.

I'm going to dust off the TBS DVB-S2X card and try to find a data transponder to test the DontLookup app. https://github.com/ucsdsysnet/dontlookup

Where I live, it's almost impossible to find any interest in FTA or pirated SAT TV.

att: ham radio operator interested in satellite radio :D

myself248 11 hours ago||

My understanding has been that the majority of FTA TV in the western hemisphere is religious in nature, and that's simply not a tempting onboarding bait for a lot of people to buy the gear and start exploring. The vast majority of satellite TV receivers in the US are propretary VSAT services, not equipped for exploring wild feeds and things.

My understanding is that elsewhere, there's a lot more interesting stuff FTA so a lot more people have the hardware, and the hardware itself is more generic. So there's just more opportunity for someone to get bored and discover a new hobby a few degrees to the side of their usual watering hole.

jeff_lee 16 hours ago||

Who needs hackers when companies broadcast their secrets to half the planet?

immibis 5 hours ago|

Intercepting non-obvious (in the sense that you can't just, like, open your wifi menu and see them) broadcasts is still hacking. Heck, even intercepting obvious (in the sense that it says "your data is not secure" on the screen of the people communicating) broadcasts is still hacking. Doing what Firesheep does, before Firesheep, was hacking. And then someone made Firesheep and it was still hacking, but now anyone could do it by clicking a few buttons, without any hacking skill whatsoever, not even using a command line, so it was finally patched.

elevation 10 hours ago||

As an aside, the PDF metadata says it's generated from LaTeX, but the layout and typesetting looks better than the LaTeX output I'm familiar with. Nicely done.

bobbylarrybobby 10 hours ago|

The body font appears to be Libertinus Serif (and I assume Libertinus Sans is the seldom-used sans font), which I agree look much nicer than the default Computer Modern

bschne 11 hours ago||

Tangential, but I was very surprised to learn recently that my country still has a more or less nationwide POCSAG pager network where only some users encrypt their traffic

wyager 20 hours ago||

I see no issue with the satellite backhaul itself being unencrypted; anyone using the satellite provider should assume they're hostile and encrypt+authenticate everything they send anyway. I don't trust my ISP's fiber to be snoop-resistant just because they nominally have some shitty ONT encryption.

Obviously the specific examples of end-users failing to encrypt are bad, but that's not really a problem with the satellites.

varenc 19 hours ago||

If someone is browsing the internet on in-flight wifi, and their DNS requests get leaked this way, I don't really think its the casual airline user's fault for not encrypting their DNS traffic. Modern cell phone data traffic (4G/5G) is all encrypted, so the same unencrypted DNS requests can't just be passively sniffed. Something similar should happen here.

I'd blame the airline or their ISP provider for sending unencrypted traffic through the air like this. Not the satellite, but its top level customer. There's a big difference, IMHO, between your ISP being able to sniff your fiber traffic, and your traffic being observable from ~30% of the globe.

jeffrallen 18 hours ago||

It is the fault of the end user software not protecting them. This is why we have encrypted SNI (promoted by Cloidflare, for example).

mike_d 17 hours ago||

I don't know if you've ever tried to actually use in flight wifi, but any traffic not subject to inspection is heavily throttled to the point of being unusable.

ESNI is also a technology in search of a problem. It does not provide any meaningful security benefits.

jeffrallen 18 hours ago||

This. Bytes on every medium can be snooped. Internetworking means that your bytes go on mediums you don't know about and don't control. There's no such thing as a link where encryption is not needed, except localhost.

OnACoffeeBreak 13 hours ago||

From the Introduction: "Each satellite may carry traffic for dozens of independent networks through an array of on-board transponders, each covering a diameter of thousands of kilometers (at most a third of Earth’s surface)".

Can someone help me understand the use of "diameter" in this sentence. I am guessing it refers to the satellite's signal coverage of the Earth's surface. If that's the case, wouldn't something like arc degrees be a better measure? I just can't figure out how "diameter" can be used to describe a coverage arc or area.

jnovacho 13 hours ago|

They mean the intersection between the cone produced by the satellite and "illuminated" surface. If the antenna beam is normal to the sphere, it will produce a disk which has an diameter.

slow_typist 13 hours ago||

This, and 1/3 of earth’s surface is the maximum you can see from geostationary orbit.

drsopp 18 hours ago||

I wonder why the DOI link on the bottom left of the first page does not work:

https://doi.org/10.1145/3719027.3765198

xucheng 17 hours ago|

It’s quite common for a DOI to be assigned to a paper after it’s accepted during camera ready. However, the DOI won’t work until the conference or journal version is published on the official website (ACM in this case). The version you’re viewing now is simply a preprint directly from the authors.

feraloink 15 hours ago||

Exactly! It says this as one of the 3 reasons for DOIs not found on the error page:

>The DOI has not been activated yet.

modeless 21 hours ago||

> remarkably, nearly all the end-user consumer Internet browsing and app traffic we observed used TLS or QUIC

There was a surprising amount of resistance to the push to enable TLS everywhere on the public Internet. I'm glad it was ultimately successful.

vasco 19 hours ago||

It was only successful because Google said you'd rank higher if you did it.

yujzgzc 19 hours ago|||

It was only successful because of Let's Encrypt removing any excuse for not having HTTPS on your website, HSTS becoming a thing, and Chrome moving from gentle inducements (that cute green padlock) to nasty looking warnings if you didn't use encryption.

vasco 16 hours ago||

No, that was after, and it made it easy, but before google many people said there was no point "because their site wasnt sensitive". Those people didn't care about let's encrypt or how easy it was, they just didn't find a reason to do it. Google gave them a monetary reason to do it.

stephen_g 18 hours ago|||

Which in-turn was driven by the Snowden revelations of what the NSA was doing in terms of mass surveillance.

GuB-42 12 hours ago||

I have a more cynical view of the reason.

It is to protect commercial interests, I don't think that Google cares about the NSA looking at your personal data.

Google cares a lot about protecting the personal data they get from you, so that they and no one else can get it, at least not for free.

Because let's get real, 99% of the time, why do you need encryption? The reason is commercial activity. It is really important to protect your credit card number, otherwise no one would trust e-commerce. For paid service to work, you need to authenticate, and it means encryption, no paywall means no authentication and much less need for encryption. And even with "free" services, you need encryption to protect the account that shouldn't even be required in the first place. As for general communication, my guess is that hackers and governments alike are more interested in financial data than in casual conversation.

So by pushing TLS everywhere, Google is actually pushing for a more commercial, less open web. That it helps with general privacy (except against Google itself) is just a happy accident.

kibwen 10 hours ago||

This is remarkably naive for being self-admittedly cynical. Transmitting all web pages in the clear allows any man in the middle to spy on profile you based on the exact contents of the sites you're visiting. We know for a fact that ISPs were profiling us like this and monetizing this personal data prior to ubiquitous encryption.

fragmede 10 hours ago||

The even more unscrupulous ISPs would outright edit the HTML and images that got sent to you, removing Google's ads and injecting theirs. Which arguably Google would have cared about a lot more.

mike_d 17 hours ago|||

> I'm glad it was ultimately successful.

What are you talking about? It was an absolute failure.

As soon as we got widespread TLS adoption, Cloudflare magically came along and wooed all the nerds into handing over all the plaintext traffic to a single company.

the8472 14 hours ago||

It has improved security, but it has made it less durable. Hosts now need constant maintenance to keep up with changes to TLS policies, certificate renewal protocols and so on.

metalman 13 hours ago|

I think that the risk of anybody achiving a malicious outcome by accessingn these data streams is as spectacularly low as the effort required to get the signal and then figure out some context to the randomised transmissions and then weaponise that is high, very high. Presumably it is GB/sec by however many channels, 99% of it will dry your eyeballs out and quickly render even the most determined spook a quaking quivering mess huddled in the corner of an office screaming " make it stop" the researchers behind this are just showing off, but I will bet any money, nothing but nothing could keep them there going through the worlds slop, which a smart, counter spook would insure was a regular and tantilising portion of the signal to begin with. the issue is that these sattelites are just repeaters, and there is little ryme or reason to the content, and personel good enough to work it, can find much much more profitable things to do.

BertoldVdb 12 hours ago|

A lot of low population density cellular backhaul runs over satellite. Two factor SMS or voice can be directly intercepted, assuming encryption is not used.

More comments...