- Researchers intercepted T-Mobile call and text data using an $800 off-the-shelf satellite setup.
- Around half of the satellite links they scanned were unencrypted, including military data.
- T-Mobile fixed the issue after being alerted in December 2024, and told us that only a limited number of cell sites in remote, low-population areas were affected.
Update: October 14, 2025 (2:00 PM ET): Following publication of the original article below, T-Mobile contacted us to provide the following statement:
“T-Mobile immediately addressed a vendor’s technical misconfiguration that affected a limited number of cell sites using geosynchronous satellite backhaul in remote, low-population areas, as identified in this research from 2024. This was not network-wide, is unrelated to our T-Satellite direct-to-cell offering, and we implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content. We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry.”