From, the paper: https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf

Geosynchronous (GEO) satellite links provide IP backhaul to remote critical infrastructure for utilities, telecom, government, military, and commercial users […]

There are thousands of GEO network links in operation today, carried by 590 GEO satellites orbiting Earth. Each satellite may carry traffic for dozens of independent networks through an array of on-board transponders, each covering a diameter of thousands of kilometers (at most a third of Earth’s surface). GEO IP links are established by leasing time on a transponder and aiming dishes for Earth-based terminals and hubs at that transponder. The ecosystem of equipment to support IP-based GEO links is mature and heterogeneous: at least 10 different vendors sell terminal and hub systems that each use their own proprietary protocol stacks to provide GEO networking.

These companies are leasing these satellite links for various purposes and then transmitting their network data over the links with no encryption. You can, for about $600 and some software (https://github.com/ucsdsysnet/dontlookup) read this data.

The researchers discovered data from US Military, Walmart-Mexico, AT&T, Government of Mexico, TelMex, Grupo Santander, Intelsat, Panasonic Avionics, WiBo, KPU. The researchers disclosed the vulnerability to all of these entities between 2024 and 2025.

Someone (I don’t know who but T-Mobile is the only cellular carrier in their list…) was transmitting call and text data, in plaintext:

When we unexpectedly discovered unencrypted voice and SMS communications in our data, we ceased collection on those transpon- ders, encrypted the relevant data, and consulted again with our lawyers, who helped facilitate disclosure with affected vendors.