T-Minus Space Daily — UKSA Adds to its Space Tracking Capabilities

Podcast Host: Maria Varmazis (N2K Networks)
Guest: Brandon Karpf (Founder, T-Minus Space Daily; Cybersecurity Expert)
Date: October 28, 2025

EPISODE OVERVIEW

This episode covers the UK Space Agency's (UKSA) selection of Slingshot Aerospace to enhance the nation's satellite tracking infrastructure, major developments in the international space sector, and a deep dive with cybersecurity expert Brandon Karpf into alarming findings about unencrypted satellite communications. The discussion highlights critical vulnerabilities, the need for basic cybersecurity practices in space operations, and the broader geopolitical implications of these lapses.

HEADLINE NEWS

(00:10–08:03)

UKSA’s Expanding Space Surveillance

• Slingshot Aerospace contract:
  • UKSA has chosen Slingshot Aerospace to provide an optical sensor network for boosting the UK’s satellite tracking capacity.
  • Slingshot operates 204 sensors in 21 locations across 5 continents.
  • New deployment: 13 more optical sensor systems will be set up at 5 global sites.
  • These sensors will track satellites, space debris, and near-Earth objects (asteroids, comets).
  • Partnering with Badr Planetarium to outfit each site with robust, autonomous all-sky domes.
  • Quote:
    • “This sensor network is critical to our mission of protecting UK and allied interests in space and on Earth and ensuring that space remains safe and sustainable.”
      —Angus Stewart, Head of the National Space Operations Centre (04:21)

Additional Notable Headlines

• Photonic AI chips to the ISS:
  • University of Florida, collaborating with NASA, MIT, and European partners, has AI-enabled photonic chips headed to the ISS via JAXA’s HTB X1.
  • Part of NASA’s MISSI program, testing next-gen computing in low Earth orbit (04:48–05:45).
• Artemis Accords new signatories:
  • The Philippines and Malaysia joined the Artemis Accords, raising signatories to 59 (05:50).
  • US President Trump secured new Asian trade deals and space commitments (06:09).
• Chinese commercial launch progress:
  • Space Pioneer completed a 36-satellite separation test on Tianlong 3; aiming for its maiden flight by late 2025 (06:38).
• Advancements in orbital construction:
  • Space Robotics Workers to demo modular robotic truss systems for orbital assembly using Spacedock’s interface (07:29).

FEATURED INTERVIEW: SATELLITE CYBERSECURITY CRISIS

(09:26–21:51)

Research Bombshell: Cleartext Data on Satellite Links

Guest: Brandon Karpf
Topic: A new research study revealed over half of geostationary satellite traffic was unencrypted.
Key Segment: 09:36–21:51

Summary of the Issue

• University of Maryland and UCSD researchers found >50% of traffic from nearly 40 GEO satellites was in cleartext.
• Data included law enforcement communications, telecom data (T-Mobile, AT&T), corporate secrets, ATM infrastructure details, inflight Wi-Fi data, and even private RSA keys.
• Research spanned three years and collected 3.7 terabytes of passively intercepted data using <$600 in off-the-shelf equipment.

Notable Quotes & Insights

• Karpf’s Self-Reflection (09:36):

  • "For months now I've been encouraging you to start thinking about how you can transfer as much of your backbone traffic to a satellite architecture... And just two weeks ago, University of Maryland and UC San Diego released a fantastically terrifying and disappointing research report about the fact that almost all of the, I mean more than 50% of the traffic they were able to measure from geosatellites was being sent in the clear like cleartext, no encryption whatsoever." (09:36)

• Varmazis’ Reaction (10:40):

  • "I remember in our editorial meeting, I think there was some stunned silence and a lot of reading going. Wait a second, that's not supposed to be happening." (10:40)

• Karpf on Methodology (10:59):

  • "They collected literal terabytes and terabytes of data using $600 of commercial, you know, off the shelf equipment that anyone could buy... They were just listening passively." (10:59)

• On the Scale (11:46):

  • "They scanned 39 different satellites, 411 different transponders... more than 50% of the links were broadcasting in the clear, like sensitive data in total clear text." (11:46)

• Details of Sensitive Data (11:52):

  • "Law enforcement, telecom information from like T-Mobile, AT&T and others, corporate and financial secrets... WI FI was part of this, including servers, private RSA keys being sent over in the clear." (11:52)

• Why Wasn’t Traffic Encrypted? (12:34):

  • "I also assumed... that all of this was being encrypted, that the service providers here were doing the bare minimum in terms of securing, at least at the transport layer..." (12:34)

• The Blame Game (14:10):

  • "The challenge here is people will want to blame the satellite service providers... However, the encryption regardless is going to happen on the ground by the users. So I would say part of it is the standards of the service providers, the satellite service providers themselves. And then even more of it though is all of these organizations who are relying on... satellite communications for their infrastructure… not implementing the standard of basic, I mean basic, basic level encryption." (14:10, 15:04)

• Geopolitical Implications (15:51):

  • "My mind boggles a little bit thinking about the geopolitical implications of this, of what may have been able to, you know, be leaked or sniffed up..." (15:51)

• Attack Risk & Heartbleed Analogy (16:06):

  • "This reminds me of Heartbleed in 2014... Not everyone is using satellite for comms and for backhaul. However, anyone who is... a significant number of industries, a significant number of organizations, they need to check what is being sent in the clear, what is being sent cryptographically secure. And based on this research, it seems like the majority is not being sent secure, which is a huge issue because this was just research done in one little region of... one view of the night sky." (16:06)

• How Easy Was It to Fix? (18:57):

  • "When they notified T Mobile of this... in just nine hours capture over 2,700 unique phone numbers and their SMS messages, voice call data... within like 30 days T Mobile had implemented encryption on those links, which means that they could have been doing it the whole time." (18:57)

• Why Isn't It Being Fixed More Broadly? (19:24):

  • "There is a cryptographic overhead... But at the end of the day there are so many good technologies out there for implementing modern encryption that that's not really an excuse. So I think it's a market issue. It's just the users here are not demanding it, the providers are not making it a core part of their security infrastructure... The governments... are not demanding it very clearly." (19:24)

• On Accountability (20:44):

  • "I was heartened by the EU Space act from over the summer or at least the proposed where they were going to hold executives personally liable for lapses of compliance. I think that that type of control is really the, I mean collective action against these organizations who aren't taking this seriously enough to implement the most basic forms of encryption..." (20:44)

Key Takeaways

• Basic encryption is not being implemented on critical satellite links by a variety of industries (telecom, retail, finance, utilities, law enforcement).
• The failure is due to lax standards by both providers and customers, uninvolved regulatory policy, and a lack of market demand for proper security controls.
• Passive, remote interception of sensitive global data is possible with trivial equipment — an enormous vulnerability.
• Once pressed, companies can implement encryption quite rapidly, showing the problem is one of will rather than capability.

OTHER NOTABLE SEGMENTS

International Collaboration on Space Tech

(23:01–24:54)

• The Webb Space Telescope had a focusing issue fixed by Australian PhD students using a software algorithm (not a spacewalk).
• Their “Amigo” tool corrected electronic distortion, restoring crisp capability to JWST’s AMI instrument.
• Both students commemorated their success with tattoos of the instrument.

CONCLUSION & FINAL REMARKS

(25:02–end)

• Host Maria Varmazis emphasizes the crucial role of cybersecurity in space as nations and industries become more reliant on satellite services.
• The episode highlights the delicate balance between innovation, convenience, and the non-negotiable need for basic security protocols — especially given the far-reaching risks of unsecured space infrastructure.

USEFUL TIMESTAMPS FOR IMPORTANT SEGMENTS

• [01:37] — Introduction & headlines
• [04:21] — UKSA’s tracking upgrade announcement & Angus Stewart’s quote
• [09:36] — Brandon Karpf joins for satellite cybersecurity segment
• [10:59] — Details on interception methodology
• [11:46] — Type and scale of data intercepted
• [14:10] — Who is responsible for the lack of encryption?
• [16:06] — Analogous vulnerabilities & risk landscape
• [18:57] — How quickly encryption responded after notification
• [20:44] — Policy and accountability discussion

MEMORABLE QUOTES

• “For months now I’ve been encouraging you to start thinking about how you can transfer as much of your backbone traffic to a satellite architecture… [but] more than 50% of the traffic...was being sent in the clear like cleartext, no encryption whatsoever.”
  —Brandon Karpf (09:36)

• “This sensor network is critical to our mission of protecting UK and allied interests in space and on Earth and ensuring that space remains safe and sustainable.”
  —Angus Stewart, UKSA (04:21)

• "There’s nothing but just holding these organizations to account."
  —Brandon Karpf (21:32)

OVERALL TONE

The episode maintains an informative and urgent tone, especially during the cybersecurity discussion. The speakers blend expert analysis, industry insight, and some incredulity at the ease with which critical infrastructure is being compromised — urging listeners to act on the basics before rushing further into the “space-enabled” future.