Seems very odd to list HTTPS. Intercepting traffic which is only encrypted at a different network layer, is not in any meaningful way intercepting unencrypted traffic.
tl;dr: Satellite TV signals were originally unencrypted and one would watch TV for free with a suitable receiver, but the broadcasters didn't like that, resulting in them eventually being encrypted.
By next year encryption will be vastly more prevalent across geostationary satellite links, and it will be entirely due to this research (the actual mechanism being “everyone who ‘knew’ this internally now being empowered to fix it, rather than uselessly ‘know’ it, because now it’s public and newsworthy and embarrassing.”)
I’ll let other people comment on the actual novel elements of the research, because those exist too. But I want to point out that some huge portion of the value of public security research is really “intellectual garbage pickup”: calling out bad technical debt that “everyone knew about” and turning it into actionable security upgrades. Security research is a good part of the reason it’s mostly safe to browse the web on public Internet connections, when it wasn’t a decade ago.
PS As someone who is very cynical about security deployment, even I thought cellular network backhauls would all be encrypted as a matter of course by now, at least in the US.
The paper seems to highlight that the novelty is in their general parser that worked across 39 different GEO satellites, and that it works with a couple hundred dollars of consumer grade equipment. From the paper:
"Our technical contributions include:
(1) We introduce a new method to self-align a motorized dish
to improve signal quality. Specifically, we could receive IP
traffic from 14.3% of all global Ku-band satellites from a single
location with high signal quality and low error rate.
(2) We developed a general GEO traffic parser that can blindly
decode IP packets from seven different protocol stacks that
we observed in our scans. Five of these stacks have never
been reported in any public research we are aware of."
Universally known to whoever wanted to intercept that traffic.
Maybe and hopefully not known to the staff of those networks (the current staff could be maintaining what somebody else set up) as some of those companies fixed the problem when contacted by the researchers.
For sure not known to me and a lot of other people. I believed that everything in digital streams was encrypted. Ok, those ATM connections are probably tech from the 90s, but they probably had upgrades in part because of regulations. Privacy, security, nothing?
It's an interesting problem. The reality is that for any decently-sized business people don't really know their networks. Their assumptions are sane, but often simply incorrect. I've heard a lot of people say things like "well the traffic is not going externally, so it's fine to leave it unencrypted." It's a bold, and almost always unchecked assumption.
It doesn't help that practising even reasonable security comes at such a cost many orgs find reasons to not justify doing it - we've spent decades creating systems that are difficult to secure at every level and hand waving it away and now it's a wobbly jenga tower of systems.
Even when the assumptions are correct, you’re depending on people doing their jobs correctly.
Over the years, I’ve found shockingly bad failures, usually on areas of internal networks where there is ambiguity as to what internal org is responsible. In old companies with data centers and cloud, there’s often pretty bad gaps.
Correct, this is why HTTPS (and encryption in general over the network) has become so popular. This property of traffic being intercepteable is also present in cable traffic as well, it's not hard to intercept traffic, you just find a tap, plug in a cable and observe, it's not even obviously illegal, there are many legitimate reasons to plug in a cable in a tap in the public, so there's a lot of possible alibis.
reply