T-Mobile customers in remote areas had their phone calls and text messages broadcast through space without any protection, and researchers were able to listen in using basic equipment that cost less than a thousand dollars.
A team from UC San Diego and the University of Maryland spent three years pointing a satellite dish at the sky and discovered that T-Mobile was sending customer communications over satellites without encryption. According to Android Authority, the researchers intercepted actual call recordings, text message content, and phone numbers from more than 2,700 T-Mobile users.
The security gap existed because T-Mobile used satellite connections to link cell towers in areas where running cables isn’t practical. While satellite TV has been encrypted for decades, these industrial satellite connections weren’t protected at all. The researchers found that roughly half of all the satellite signals they scanned were completely unencrypted, including data from airlines, banks, and even military communications.
T-Mobile fixed the problem after researchers alerted them in December 2024. The company says the issue only affected a small number of cell sites in remote, low-population areas and wasn’t related to their newer satellite phone service. They’ve now added nationwide encryption to protect customer data as it travels through their network.
The research shows that what seemed impossible to intercept was actually wide open to anyone willing to look. One of the lead researchers put it simply: companies “just really didn’t think anyone would look up.”
Source: Android Authority