Satellites Are Broadcasting America's Secrets. For About $750 Worth of Hardware.
Space Force just created two new cyber squadrons for space launch security. The reason: $750 in consumer electronics can intercept the satellites already up there.
Space Force just created two new cyber squadrons for space launch security. The reason: $750 in consumer electronics can intercept the satellites already up there.
That $750 figure comes from a three-year study by researchers at UC San Diego and the University of Maryland. From a San Diego rooftop, they spent nine hours scanning 39 satellites in low Earth orbit with off-the-shelf hardware — a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. They collected 2,700 phone numbers from T-Mobile users, along with some of their calls and texts. They intercepted unencrypted internet traffic from US military sea vessels Gizmodo. They picked up communications from Mexican military and law enforcement units, including traffic related to narcotics trafficking investigations. Roughly half the signals they analyzed were transmitting unencrypted data UCSD SatCom Security Study.
This is like having an open Wi-Fi network, one of the researchers told WIRED. Except nobody's encrypting it.
The ViaSat attack showed what this looks like weaponized. In February 2022, Russia launched a cyberattack against ViaSat's KA-SAT network — the same commercial infrastructure Ukrainian military forces used for command, control, and drone operations. The attack knocked out modems across Europe. Ukrainian military logistics went dark. The US State Department formally attributed the attack to Russian military intelligence, and the disruption to Ukrainian drone operations was a direct force multiplier in a kinetic conflict.
Four years later, most satellite operators have not broadly adopted encrypted backhaul. The architecture remains largely unchanged. T-Mobile confirmed to the researchers that a vendor had misconfigured the satellite link on their network, and the configuration was patched. That closed one hole. It did not close the architecture problem.
The intelligence community has been explicit. In its 2026 Annual Threat Assessment, the Director of National Intelligence stated that adversaries are using jammers against US satellites and that cyber risks to satellite communications are growing. In March 2026, the NSA and Five Eyes partners — Australian Signals Directorate, Australian Space Agency, Communications Security Establishment Canada, and National Cyber Security Centre New Zealand — issued joint guidance specifically on securing low Earth orbit satellite communications. It is the first multi-government document of its kind for this attack surface. That same month, Space Force established two new cyber squadrons via Breaking Defense tasked with defending launch operations from satellite hijacking and malware in ground systems.
There is currently no mandatory encryption standard for commercial satellite backhaul. Defense contractors face Cybersecurity Maturity Model Certification requirements for Department of Defense work. Commercial satellite operators have no equivalent mandate. The NSA-Five Eyes guidance recommends but does not require encrypted backhaul for commercial operators.
Some operators are trying. ViaSat's HaloNet program is a reprogrammable space-qualified cryptographic engine designed to distribute encryption keys dynamically. It is the right technical direction. It is one company's solution, and it is not yet widely deployed.
According to ESA, roughly 17,000 artificial satellites orbit Earth today, a number growing rapidly as mega-constellations expand. The attack surface is not theoretical. It is already in orbit, already transmitting, and already unencrypted in roughly half of cases.
The question is not whether the vulnerability exists. It does. The question is how long the industry and its regulators take to close it.
