Category: Antennas

Eavesdropping on Sensitive Data via Unencrypted Geostationary Satellites

Recently, Wired.com released an article based on research by researchers at UC San Diego and the University of Maryland, highlighting how much sensitive unencrypted data many geostationary satellites are broadcasting in the clear.

The researchers used a simple off-the-shelf 100cm Ku-band satellite dish and a TBS-5927 DVB-S/S2 USB Tuner Card as the core hardware, noting that the total hardware cost was about $800. 

Simple COTS hardware used to snoop on unencrypted satellite communications.
Simple COTS hardware used to snoop on unencrypted satellite communications.

After receiving data from various satellites, they found that a lot of the data being sent was unencrypted, and they were able to obtain sensitive data such as plaintext SMS and voice call contents from T-Mobile cellular backhaul and user internet traffic. The researchers notified T-Mobile about the vulnerability, and to their credit, turned on encryption quickly.

They were similarly able to observe uncrypted data from various other companies and organizations, too, including the US Military, the Mexican Government and Military, Walmart-Mexico, a Mexican financial institution, a Mexican bank, a Mexican electricity utility, other utilities, maritime vessels, and offshore oil and gas platforms. They were also able to snoop on users' in-flight WiFi data.

Cellular Backhaul
We observed unencrypted cellular backhaul data sent from the core network of multiple telecom providers and destined for specific cell towers in remote areas. This traffic included unencrypted calls, SMS, end user Internet traffic, hardware IDs (e.g. IMSI), and cellular communication encryption keys.

Military and Government
We observed unencrypted VoIP and internet traffic and encrypted internal communications from ships, unencrypted traffic for military systems with detailed tracking data for coastal vessel surveillance, and operations of a police force.

In‑flight Wi‑Fi
We observed unprotected passenger Internet traffic destined for in-flight Wi-Fi users on airplanes. Visible traffic included passenger web browsing (DNS lookups and HTTPS traffic), encrypted pilot flight‑information systems, and in‑flight entertainment.

VoIP
Multiple VoIP providers were using unencrypted satellite backhaul, exposing unencrypted call audio and metadata from end users.

Internal Commercial Networks
Retail, financial, and banking companies all used unencrypted satellite communications for their internal networks. We observed unencrypted login credentials, corporate emails, inventory records, and ATM networking information.

Critical Infrastructure
Power utility companies and oil and gas pipelines used GEO satellite links to support remotely operated SCADA infrastructure and power grid repair tickets.

The technical paper goes in depth into how they set up their hardware, what services and organizations they were able to eavesdrop on, and how they decoded the signals. The team notes that they have notified affected parties, and most have now implemented encryption. However, it seems that several services are still broadcasting in the clear.

A Small 11.2 GHz Motorized Radio Telescope with TV Dish and RTL-SDR

Thank you to Kaustav Bhattacharjee for writing in and submitting to us his project, where he created a small 11.2 GHz motorized radio telescope with a TV dish and an RTL-SDR. A full description of Kaustav's work can be found in a white paper he wrote on behalf of the Department of Physics at the Indian Institute of Technology Roorkee. In summary he writes:

Briefly put, the hardware Setup comprises a 66 cm parabolic dish, a standard Ku-band LNB with bias tee power injection as the frontend, an RTL-SDR V3 tuned to 1.45 GHz (due to downconversion) as the receiver and a Raspberry Pi 5 handling SDR data (via GNU radio) and stepper motor control (using GPIO pins). A heatmap of the southern sky at 0.9° resolution, showing a belt of geostationary satellites, is the primary result of interest!

We also want to point out that his rotor setup involves several 3D printed gears driven by two NEMA17 stepper motors. However, Kaustav notes that the long term resolution is limited due to cumulative backlash errors from the open-loop control scheme.

Kaustav's 11.2 GHz RTL-SDR Radio Telescope
Kaustav's 11.2 GHz RTL-SDR Radio Telescope
Geostationary satellites visualized with the radio telescope
Geostationary satellites visualized with the radio telescope

A Video on Optimizing VLF Loop Antennas

VLF (Very Low Frequency) refers to signals in the 3–30 kHz range. Software-defined radios like the SDRplay RSPdx can pick up these signals with an appropriate antenna.

Over on YouTube, @electronics.unmessed has uploaded a video showing how you can build a high-performing VLF loop using a single loop of wire and a balun. The one-turn design results in a naturally low impedance at low frequencies. A balun is then added to step up the impedance, resulting in impedance compatibility with an SDR.

The video explains the concepts behind VLF loops using an equivalent circuit model and shows how conductor thickness offers little benefit above 10 kHz (though wide sheet conductors can add ~3 dB), larger loops scale with area but 2 m is a good indoor compromise, extra turns help small loops but underperform a single turn with a proper transformer, and alternative ferrite mixes give little improvement over standard choke cores. Ultimately, it is concluded that a one-turn loop with a well-chosen balun is one of the most effective designs.

If you're interested in similar content, there are also several other interesting videos on the @electronics.unmessed channel about VLF antennas, mag loop antennas, SDR reception, and more.

VLF Loop - What really Matters? (EP172)

Decoding ADS-C with a Cheap Aliexpress LNB and SDRplay RSP1B

Thank you to Nagy István for sharing with us his setup for decoding ADS-C with a 180cm prime focus dish, a cheap Aliexpress LNB, an Aliexpress bias tee, and an SDRplay RSP1B.

István receives the ADS-C signal from the Inmarsat 4A-F4 satellite, which he can see from his home in Hungary. 

István also notes the following information about the Chinese LNB:

This LNB original for DVB reception, but it works on Inmarsat reception, 3.6Ghz where ADS-C signals are, without any modification... But sometimes you need correcting frequency because of LNB oscillator drifting. I don't use dielectric plate, I don't have any material for this, at the moment.

Compared to ADS-B, which continuously broadcasts an aircraft’s GPS position and velocity to any ground station or nearby aircraft, ADS-C instead sends position reports via satellite, and is especially used over oceans and remote areas without ADS-B ground receivers.

However, ADS-C is relatively complex for hobbyists to receive due to the need for a large satellite dish and LNB to convert the 3.6 GHz frequency down to a frequency receivable by most SDRs. However, fortunately, as István shows, the LNB can be obtained cheaply these days.

Inmarsat ADS-C decoding with Jaero and Virtual Radar

ADS-C Being Received with an 1.8m dish, cheap Aliexpress LNB and SDRplay RSP1B.
ADS-C Being Received with an 1.8m dish, cheap Aliexpress LNB and SDRplay RSP1B.

WOW@Home: A Global Network of RTL-SDR Based Radio Telescopes Looking for Alien Technosignatures

The Wow! signal is a famous, strong, and unexplained radio signal detected in 1977 by the Big Ear radio telescope in Ohio, lasting 72 seconds and appearing to originate from the constellation Sagittarius. Its origin remains unknown, with some speculating that it could be an extraterrestrial technosignature. Upon reviewing the signal data, Astronomer Jerry R. Ehman discovered the powerful signal burst in the readout and wrote a large "Wow!" next to it, unintentionally coining the name.

Wow@Home is a new project that aims to coordinate a network of small radio telescopes globally, in the hopes of increasing our chances of detecting interesting astrophysical and technosignature events, such as the Wow! event.

A network of small radio telescopes offers several distinct advantages compared to large professional observatories. These systems are low-cost and can operate autonomously around the clock, making them ideal for continuous monitoring of transient events or long-duration signals that professional telescopes cannot commit to observing full-time.

Their geographic distribution enables global sky coverage and coordinated observations across different time zones, which is especially valuable for validating repeating or time-variable signals. Coincidence detection across multiple stations helps reject local radio frequency interference (RFI), increasing confidence in true astrophysical or technosignature transient events.

These networks are also highly scalable, resilient to single-point failures, and capable of rapid response to external alerts. Furthermore, they are cost-effective, engaging, and accessible, ideal for education, citizen science, and expanding participation in radio astronomy.

However, these systems also come with notable limitations when compared to professional telescopes. They have significantly lower sensitivity, limiting their ability to detect faint or distant sources. Their angular resolution is poor due to smaller dish sizes and wide beamwidths, making precise source localization difficult.

Calibration can be inconsistent across stations, and frequency stability or dynamic range may not match the performance of professional-grade equipment. Additionally, without standardized equipment and protocols, data quality and interoperability can vary across the network.

Despite these constraints, when thoughtfully coordinated, such networks can provide valuable complementary observations to professional facilities.

The team note that the Wow! signal was strong enough that it could have been detected by a small home radio telescope. They go on to make the case that we could be missing out on detecting many compelling signals simply because radio telescopes aren't watching every part of the sky simultaneously. 

The project will monitor the Hydrogen Line frequency for interesting signals. Currently, the team is using a WiFi grid dish and an external LNA as the radio telescope hardware, but they also aim to evaluate our Discovery Dish with H-Line feed.

Wow@Home Typical Radio Telescope Hardware
Wow@Home Typical Radio Telescope Hardware

Saveitforparts: Receiving NOAA-15 One Last Time

Over on YouTube Gabe from the saveitforparts channel has uploaded a new video discussing the decommissioning of NOAA-15 and NOAA-19. We also previously posted about this topic a few days ago, if you are interested.

NOAA-15 was scheduled to shut down on August 12, 2025, but due to anomalies with NOAA-19, the decommissioning date of NOAA-15 has been extended by a few days until the week of August 18th. NOAA-19 has recently been experiencing transmitter failures, and it may be impossible to receive signals from it at the moment, despite its expected decommissioning date of August 19, 2025.

In the video, Gabe also rushes to try and receive signals from all transmitters on NOAA-15 one last time, setting up VHF, L-Band, and S-Band receivers. He experiences some issues with weak signals, interference, and recording failures, but ultimately succeeds in capturing all three signals during one of the final passes of NOAA-15.

US Government Shutting Down More Weather Satellites

Tech Minds: Testing out Discovery Dish for Inmarsat and Hydrogen Line Radio Astronomy

Over on YouTube Matt from the Tech Minds YouTube channel has recently uploaded a new video where he tests out our Discovery Dish antenna. Discovery Dish is designed to be a low-cost, portable solution for receiving L-band and S-band weather satellites, Inmarsat satellites, conducting amateur hydrogen line radio astronomy, and more.

In the video, Matt unboxes the Discovery Dish and provides an overview of the build process before demonstrating its use in decoding AERO and STD-C messages on Inmarsat. He then shows the dish and Inmarsat feed being used to receive Iridium satellites, and how they can be decoded using iridium-extractor with a HackRF or Airspy R2.

Finally, Matt swaps out the Inmarsat feed for the Hydrogen Line feed. Using SDR#, the IF AVG plugin, and Stellarium, he was able to obtain a clear hydrogen line peak.

This Discovery Dish Is The ONLY Satellite Dish You Will Need!

Decoding Inmarsat AERO 1545 MHz with a Backfire Helix and JAERO

Thank you to Nagy István for writing in and sharing with us his video showing how he uses a home-made backfire helix antenna and the JAERO software to receive and decode Inmarsat Aero at 1545 MHz. AERO messages are a form of satellite ACARS, typically containing short messages from aircraft, and some channels also support digital voice communications.

The backfire helix is an antenna design that consists of a helically wound wire, typically wound around a 3D-printed frame, attached to a large backplane. Recently, a similar design called a 'heliocone' has become popular for use with 1.7 GHz polar orbiting satellites.

In the video, Nagy shows two designs, one of his own and the other by Digitalelektro, and the good SNR that he's achieved with them in JAERO.

Inmarsat Aero 1545Mhz decoding with Backfire helix / JAERO software