XPost: talk.politics.misc, alt.security, alt.fan.rush-limbaugh   
   From: robin_listas@es.invalid   
      
   On 2026-01-22 04:38, c186282 wrote:   
   > On 1/21/26 21:00, Carlos E.R. wrote:   
   >> On 2026-01-22 00:19, c186282 wrote:   
   >>> On 1/21/26 16:42, Carlos E.R. wrote:   
   >>>> On 2026-01-21 00:51, c186282 wrote:   
   >>>>> https://techxplore.com/news/2026-01-sky-full-secrets-glaring-   
   >>>>> vulnerabilities.html   
   >>>>>   
   >>>>> With $800 of off‐the‐shelf equipment and months' worth of patience,   
   >>>>> a team of U.S. computer scientists set out to find out how   
   >>>>> well geostationary satellite communications are encrypted. And   
   >>>>> what they found was shocking.   
   >>>>>   
   >>>>> Close to half of the communications beamed from satellites to   
   >>>>> the ground that the researchers were able to listen in on were   
   >>>>> not encrypted. This included sensitive data including cellular   
   >>>>> text messages, voice calls,   
   >>>>   
   >>>> SMS were never encrypted. I think voice calls between the towers and   
   >>>> the terminals were encrypted (I read somewhere long ago that they   
   >>>> used the example configuration for encryption, so the key was   
   >>>> known). The communications between the towers and the exchanges were   
   >>>> not encrypted, unless radio transmission systems employed some   
   >>>> encryption of their own.   
   >>>>   
   >>>> Can't confirm any of this currently, but it was correct around year   
   >>>> 2000.   
   >>>   
   >>>    At least cell towers are kind of "local" - however   
   >>>    this involves the geostationary relay sats, meaning   
   >>>    anyone with an antenna kind of a third of the way   
   >>>    around the globe can tune in to the rebroadcast.   
   >>>   
   >>>    So, you move funds from your Credit Suisse acct to   
   >>>    Bank Of America in NYC, spies in Iceland, or Paraguay,   
   >>>    can maybe grab all your numbers.   
   >>>   
   >>>    This is like 1980 thinking, back when the net was tiny   
   >>>    and only a few 'professionals' sent important stuff back   
   >>>    and forth. Security ? Who NEEDS it ???   
   >>   
   >> I am only talking of SMS and phone calls. The standards are old, it   
   >> was considered impossible to access the cables carrying the trunks.   
   >> Technology was naive.   
   >   
   >    SMS ... CAN be important for 'authentication', but mostly   
   >    we're just looking at a code people are supposed to enter   
   >    into a site within minutes.   
   >   
   >    Voice calls ... more likely to have important info for   
   >    biz/corporate espionage and even for military. In 60   
   >    seconds someone can speak a LOT of important details that   
   >    can give competitors, or aggressors, an edge.   
      
   Certainly, but the standard for voice and SMS are not encrypted.   
      
   The digital exchanges simply have not the power needed to encrypt all   
   conversations. Encryption has to be done at the client, if he cares enough.   
      
   Nowdays, RCS, which is the successor to SMS, is encrypted at the client.   
      
   >   
   >> At some point probably they thought that the transmission department   
   >> would do the encryption when possible and advisable. The switching   
   >> department needed the trunks in the clear. The available machines   
   >> could not do encryption.   
   >   
   >    Typical disconnect ... too many players along   
   >    the entire chain.   
   >   
   >> I don't know if the new methods using VoIP use encryption.   
   >   
   >    Good question. It it's at least https encoded then there's   
   >    a fair advantage. I'll have to check to see whether modern   
   >    VOIP actually uses secured packets. HTTPS probably CAN be   
   >    decoded these days ... but there may be a time delay and   
   >    CPU penalty that renders the info mostly useless for biz   
   >    purposes - maybe less so for military secrets.   
   >   
   >    In any case, it's obvious that there's no unified effort   
   >    to make sure comms are 'secure'. This is VERY bad in the   
   >    modern environment.   
      
   AFAIK it is still up to the client.   
      
      
   --   
   Cheers, Carlos.   
   ES🇪🇸, EU🇪🇺;   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)