Unencrypted Data in Orbit
Space. It’s called the final frontier, where no one has gone before. Well, it seems like data encryption has yet to make that one small step for consumer kind, as a new study reveals.
Research from the University of California and the University of Maryland have found that of 39 scanned satellites – which carry communications from mobile phone providers, retailers, banks, militaries and more – only half were transmitting encrypted data. Among the exposed information were calls, texts, ATM transactions and military and law enforcement communications from the US and Mexico. Telecoms like T-Mobile and AT&T Mexico use these satellites that relay signals back to their core networks.
Researchers had little trouble discovering this unencrypted traffic. For the low cost of $750, they purchased all the hardware required to collect this information from the top of a university building. After nine hours, the researchers had discovered the phone numbers of over 2,700 T-Mobile customers (with some of their communications), as well as unencrypted military communications After notifying affected parties, the team scanned the satellites again and confirmed that fixes were now in place.
As if people didn’t have enough cause for concern with their earthbound data. Sounds like in the matter of data encryption, it’s less “to infinity and beyond” and more “infinity and not quite there.” According to the study’s lead, Aaron Schulman, the satellite operators relied on their remote distance as the sole form of security: “They just really didn’t think anyone would look up.” Hence the name of the report, “Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites,” which references the Netflix movie of the same name.
Stating the obvious perhaps, but a major reason for organizations to be caught slacking with unprotected data is financial: simply wanting to avoid the extra cost of encryption. Organizations also have concerns about performance slowdown due to any potential interference from encryption software. Such is the opinion of the researchers, as well.
When you’re looking to protect such data in transit, cutting corners leads to headlines. However, the same applies for data at rest. For a solution that is both cost effective and has virtually no impact on performance. NetLib Security’s Encryptionizer product works right out of the box with no additional programming required, across the physical, virtual and cloud environments. Encryptionizer transparently encrypts stored data on servers, legacy systems, devices and distributed applications. Take one small step for your organization with a free eval here.