Your T-Mobile data might’ve been broadcast for anyone with hobbyist hardware to intercept

In an eye-opening privacy revelation, it turns out some of the world’s most sensitive communications were far less secure than you’d hope. A team of researchers has shown that even major carriers like T-Mobile were broadcasting calls and text messages over satellites without encryption. All it took to intercept them was around $800 worth of off-the-shelf hardware.

According to a study by researchers at UC San Diego and the University of Maryland, as reported by Wired, roughly half of all geostationary satellite signals they scanned were sent unencrypted. Over the course of three years, the team, led by UCSD professor Aaron Schulman, pointed a standard satellite dish at the sky from a building in La Jolla, California, and recorded data from 39 satellites. What they found was unprotected T-Mobile phone calls and SMS messages, airline Wi-Fi activity, corporate and banking data, and even US and Mexican military communications.

The researchers were able to capture real T-Mobile call audio and text content, as well as metadata such as phone numbers, for more than 2,700 users. They disclosed the issue to T-Mobile in December 2024, after which the company quickly added encryption to those links. The team also intercepted traffic from other North American networks, including AT&T Mexico and Telmex, along with internal data from Walmart Mexico and the Mexican military.

While satellite TV streams have been encrypted for decades, the study found that many private and industrial satellite networks still send data in plain view, apparently assuming nobody would try to listen in. As Schulman put it, “They assumed that no one was ever going to check and scan all these satellites and see what was out there.” Emphasizing the point, he added, “They just really didn’t think anyone would look up.”