Security and Privacy Issues of Satellite Communication in the Avlatlon Domain

Modern aviation systems increasingly use satellite channels for data communication. However, many SATCOM providers do not offer encryption below the application layer by default, making their services vulnerable to eavesdroppers and creating security concerns. This research analyses such vulnerabilities specifically with regard to the aviation domain. We show that even low-resourced attackers can exploit this lack of security. We capture a broad range of SATCOM transmissions in the Ku-Band frequencies using a TV Tuner Card and widely available low-budget equipment for under 400 US dollars. Over 370 GB of aviation-related satellite-downstream data from high-throughput satellites were analysed from a measurement site in Central Europe. The results of this campaign reveal both security and privacy concerns across the whole spectrum of the industry. We identify unencrypted SATCOM usage comprising usage from in-flight entertainment systems to leaked private encrypted keys. Furthermore, we identified 328 specific aircraft broadcasting their live operations, including three government aircraft that actively blocked any information on their flights from air-traffic tracking sites. This work concludes with recommendations for both satellite service providers and aviation stakeholders on how these issues could be solved by using encryption at different network layers.