Intelsat 19 Unencrypted Satellite Internet Traffic Decoded With GSExtract (IP over DVB)

DVB stands for 'Digital Video Broadcasting' and is an international open standard for digital television. Conceptualized in the late 1990's and fully adopted by the public in the early 2000's, it has become the de facto standard for the transmission and reception of digital TV worldwide.

DVB-S is the satellite TV variant of this standard and facilitates the delivery of television transmissions from geostationary orbiting satellites to customers on the surface of the earth equipped with adequate receiving hardware, such as satellite dishes and dedicated set-top boxes.

In addition to the satellite TV broadcast's contained inside the MPEG transport stream container format, IP traffic can also be piggybacked on this transmissions. Electronic program guides, set-top box firmware updates and even internet connections can be beamed down from the satellites to earth for customers and subscribers.

In the modern day of satellite IP traffic delivery, GSE, or 'generic stream encapsulation' is generally used for piggybacking data into these DVB-S downlinks. GSExtract is a python tool for Linux coded by James Pavur and released during his BlackHat 2020 presentation on satellite security. It was developed with the intention of unpacking GSE encapsulated packets and decoding their contents.

So in this video, I am showing how unencrypted IP traffic can be captured from Intelsat 19 (location 166 degrees east) using an old 90cm offset dish, a Ku-band LNB and a USB attached DVB-S receiver box. I am using the software called 'EBS Pro' in Windows 10 to tune into the desired transponder and using it's 'TS dump' feature, I record the GSE encoded packets to a file.

On my DragonOS Linux machine, I then use GSExtract's '--stream' argument to essentially decode the incoming GSE packets in almost real time, and view their contents in Wireshark with the aid of the 'tail' command. Tail will read the .pcap file and pipe the decoded the output to Wireshark at regular intervals.

I was very surprised to see that there is basically little-to-no encryption on this internet traffic. This is obviously a major security and privacy risk. So, if any of my viewers are customers of Intelsat's internet service provider, they should definitely use a VPN solution to secure their networks. Or even better, bring it to the attention of Intelsat's customer service department that your internet traffic is being beamed down to a large portion of earth's surface completely open and unencrypted.

Thanks for reading and watching.

DISCLAIMER:
THIS VIDEO WAS MADE FOR THE PURPOSES OF EDUCATION AND EXPERIMENTATION ONLY! INTERCEPTING INTERNET TRAFFIC FROM SATELLITE DOWNLINKS THAT WASN'T INTENDED FOR YOU IS ILLEGAL AND PUNISHABLE BY HEFTY FINES AND IMPRISONMENT. YOU HAVE BEEN WARNED!