Is it safe to pay bills over satellite internet?

Question

We bought a house. We need internet for basic research, email and paying bills, but there is no internet... Even a dedicated hotspot will not give us a stable connection. We are planning to get satellite internet.

Is it safe to pay bills and access accounts through this? Specifically, should we be be concerned that someone can just snag our signal out of the air and steal our information? I know anything is possible, but is it likely? My wife is concerned and I need some answers to assure her...

Keep in mind we are out in the middle of nowhere, there is not any other service providers out here and our cells have spotty reception...

why do you think that internet in the middle of a city or on your phone is safer? — schroeder, Oct 07 '19 at 16:12
I don't... She doesn't want to use Cell-tower based service to pay bill either. We never use a hotspot that we didn't set-up. If you computer is configured correctly, I have always been led to believe that a wired connection is always safer than an "over the air" coinnection. — user2429794, Oct 07 '19 at 16:14
Internet on satellite is not safe, neither is it safe on a phone or on broadband city ISPs. Signals can be stolen at any point. — schroeder, Oct 07 '19 at 16:16
I am not looking for an "absolute" answer. More of a likelihood answer. — user2429794, Oct 07 '19 at 16:16
How likely is it that someone taps your cable loop down the street? A wired connection is certainly not inherently more secure than a wireless one! What is the threat model? Someone stealing your credit card number? — trognanders, Oct 08 '19 at 06:45
I hope all bill payments use two factor authorisation (preferable with a chip TAN generator), but I'm told that for some banks in the United States, this may not be the case. Online credit card payments are now (universally?) using 3DSecure/Verified by Visa too? — gerrit, Oct 08 '19 at 07:49
FYI, cell tower based service is not the same as public WiFi. The process of authenticating whether your phone can use the service (via your SIM card or similar) also encrypts the signal between you and the cell tower: https://security.stackexchange.com/questions/21395/how-is-4g-lte-encrypted. Also, unlike WiFi, you cannot use cell internet to talk to other phones connected to the same tower. — TheHans255, Oct 08 '19 at 17:08
Great Question! Satellite connections to the internet are no more or less safe than any other wireless connection you mentioned. When I lived in the country, my neighbor had Satellite internet. The provider had "something" in their firewall that prevented access to some sites. He also had trouble with the wind pushing the dish slightly out of alignment. — Scottie H, Oct 08 '19 at 22:45
It's worth pointing out that the nuclear arsenal of the United States is controlled, in part, via satellite connections. — MooseBoys, Oct 09 '19 at 00:57
being more afraid of satellite vs something else, in your case, means that you think someone is going to come next to your house, or fly an aircraft between your house and the geo satellite, and intercept your signal. — Eagle1, Oct 10 '19 at 02:18

score 219 · Answer 1 · answered Oct 07 '19 at 16:21

219

Satellite is not safe. Neither is cell data, wifi, or cable Internet. None of it is safe at the layer that you are talking. And that's not the layer that needs to be safe.

It's the data that goes over satellite (or wifi, cell, or cable modems) that needs to be secured. That's why we have HTTPS, that little green lock on your browser (it's gone now on most browsers and just grey now because HTTPS is pretty much everywhere).

So your choice of internet provider's media is not what's important in your situation. It's whether you use encrypted sites over that media.

answered Oct 07 '19 at 16:21

schroeder

123,438
55
284
319

9

Thank you. That is what I was looking for. I'm not talking about absolute. The world is not black and white. Everything has risks. It is all about the likelihood of using X vs using Y. She is worried that (all else being equal) using a satellite based internet service is inherently less safe than a wired internet service provider. I just need to be able to explain to her whether that is true or false and why. – user2429794 Oct 07 '19 at 16:25
73

And the answer, from a world-leading expert in cybersecurity, is that the choice of satellite over cable doesn't matter. It is *all* like sending postcards through the mail. Anyone along the path could read it all. That's why you need to encrypt the messages in secure envelopes and superglue; and that happens with encryption. – schroeder Oct 07 '19 at 16:28
Are there are good articles online that I can send her? Or anything in particular that I should google about this? My word only has "some" weight. The web is so full of BS and people selling crap these days that it's hard to find good articles about anything... – user2429794 Oct 07 '19 at 16:31
2

This is more of a conceptual thing. It's not even a product thing. – schroeder Oct 07 '19 at 16:41
6

@BenBates I don't think the question should be a matter of degree of which is "safer", but if it's "safe enough". It'd likely be safer to wear a helmet all the time too just walking around your house, but we deem walking around the house without a helmet "safe enough". It's the same with SSL/TLS. The security advantage of using SSL/TLS far exceeds any additional security gained by your initial hop being "over a wire". – Steve Sether Oct 07 '19 at 17:42
16

@BenBates As far as good websites to visit, I can't seem to find any good ones for layman. Even many of the answers on Stack Exchange, and Wikipedia on TLS/SSL assume you understand the degrees of risk involved, and could easily be misinterpreted. The Wikipedia article uses phrases like "insecure" for some variants of SSL, which can lead to confusion if you don't understand the specifics of the vulnerability. In the security world "insecure" largely means "don't use this, and move your infrastructure away from it.", but not necessarily "any fool with Google and a computer can hack you". – Steve Sether Oct 07 '19 at 17:48
20

"Satellite is not safe." - This seems like an awfully strange and confusing use of language. To me, the phrase "not safe" means that there's an actual danger. It would be clearer if you wrote something like: "Satellite does not keep your data safe. Neither does cell data, Wi-Fi, or cable Internet. But it doesn't *need* to keep your data safe, because HTTPS is used to keep your data safe." – Tanner Swett Oct 08 '19 at 16:55
@BenBates: It is much better to simply learn the little bit of mathematics to understand encryption, and learn how a browser connects to and transfers data to or from websites, after which it would be clear why encryption is the biggest issue here. The next biggest issue is to not have malware on your computer that you use for banking. Encryption is useless if there is malware on that computer that waits until after you log into the bank website before doing what it likes. – user21820 Oct 08 '19 at 17:32
4

I think @BenBates is looking for a jargon-free answer for the layman. Not a technical scolding from atop a high horse. – DavidS Oct 08 '19 at 20:22
@BenBates Here is a good simple explanation of how modern cryptography works: https://blog.vrypan.net/2013/08/28/public-key-cryptography-for-non-geeks/ That's still far from the whole system, if you want more details about why the math works, you could start by researching "rsa", if you want more information about how its applied to the web, research https. – yesennes Oct 08 '19 at 20:48
1

Perhaps a better way to start would be, "Satellite is as unsafe as, other internet connections". @TannerSwett – Aron Oct 09 '19 at 05:03
@BenBates Just remember the old adage, "You can't fix *Be Nice Policy*"... If people don't want to know how things actually work, there's no telling them... – Harper - Reinstate Monica Oct 09 '19 at 17:17
1

This answer is kind of misleading and possibly lazy. But minimally correct... If you read the entire paragraph. A better answer may actually look into satellite internet networks. I think most satellites scramble the down link because it is relatively very low gain signal. Compared to wifi or cell which all use a low gain general broadcast to every one, the satellite is of the lowest gain, usually covering several states. It may be scrambled so that only subscribed viewers can use the data. In which case satellite signal may be minimally safe by default. – marshal craft Oct 10 '19 at 10:32
As for upload, it may be hard (or not?) to steel the information, as that uses a fairly high gain dish usually? An ease dropper would have to put something near the line of site? Even blocking the signal? And you could say TLS ensures tcp packets data payload are private regardless of lower layers or independent of lower layers such as the physical layer. – marshal craft Oct 10 '19 at 10:36
And as always, due to popular web hosts and all sites essentially residing on one giant AWS server, google, etc. The domain name is never safe and always public thanks to named server extension. – marshal craft Oct 10 '19 at 10:39
I honestly think that this answer is wrong. In the event that the OP is using a website which does not have HTTPS, or is using a weak encryption algorithm, using an cable service instead of anything relying on radio (like WiFi and satellite) is safer because the attack surface has been reduced. – questioner Jun 07 '22 at 14:14

score 40 · Answer 2 · edited Oct 08 '19 at 14:31

I would like to specifically address the question on why security of the underlying mode of communication is not as important as the encryption of the message.

You are communicating with your bank to request a transfer from one account to another. You might write a letter something like this, using an official form you picked up from the bank.

Dear Bank Manager at Acme Bank, Local Branch, 123 Fake St, My Town, USA Please transfer $1 from Account 00000 to Account 00001, signed me.

On the Internet, HTTPS and TLS, as described by simon and schroeder will take this message and transform it into something that only you and the bank can read (Among other technical things, including verifying your identity and message integrity like an old fashioned wax seal).

Perhaps your message becomes something like this (just an example)

s1IZBEfcLeDluY3Ni/2+qio2MHXKwlaka2OnGZFvwqUroGyxp+n9anhABX35cRlnyI1pkdstgvspA5fzNXWvM1Q1lLYnxslQJPhlsR+NtcFnj3r2t7MAB/R0qQZXLDBHGDhL3Y=

This message will now need to be sent to the bank via post (Internet).

Now you might have 3 choices.

Walk into the post office and shout the message at the top of your lungs so the postmaster (and everyone else) can hear it
Put it in an envelope (Address visible!) and hand it to the postal carrier that is going door to door every morning
Send an armored car to deliver directly to the local post office.

All 3 will have different ways of being listened on or intercepted. All are insecure in their own way, since you rely on others to carry the letter. However, since the message itself is secure, you do not care.

Unlike sending physical mail, the message itself has no value, if it is lost or "stolen" you will just send it again, so an armored car is just extra expense and hassle, you only care if someone can read it, or can pretend to be you or the bank.

It is best to protect the message, and not rely on security of the method of transfer.

@gerrit yes, playing mostly tragedies (see, e.g., https://arstechnica.com/gadgets/2019/03/802-eleventy-who-goes-there-wpa3-wi-fi-security-and-what-came-before-it/ and https://arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-vulnerable-to-hacks-that-steal-wi-fi-passwords/ ) — muru, Oct 08 '19 at 08:03
@muru What I'm getting at is — if the security of the method of transfer doesn't matter, why should we worry so much about encrypting wifi at all? [I've asked a new question for this](https://security.stackexchange.com/q/219242/15187). — gerrit, Oct 08 '19 at 08:17
@gerrit WiFi encryption is to keep people from hopping on WiFi networks at random and portscanning or working exploits against systems on that network. It also prevents listening in on more trivial, non-SSL communication such as gaming or instant messaging, and stepping in to masquerade as legitimate traffic. If you think WiFi is security theatre, you are only thinking about your one appliciation, e.g. Encrypting your use of the bank's website. — Harper - Reinstate Monica, Oct 09 '19 at 17:23
WiFi encryption [protects the network](/a/219245/89875), rather than the service. — Toby Speight, Oct 09 '19 at 18:18

score 10 · Answer 3 · answered Oct 07 '19 at 16:29

10

The physical support you use to transport the information doesn't make it more or less secure. Communications nowadays are all encrypted using protocols such as TLS. This means that the information cannot be read by anyone else than the receiver. You might want to read a little about Encryption.

Now while these protocols exists, it doesn't mean that everyone use them. While handling sensitive data, you have to verify yourself that they do. If you have doubts, you can probably contact your service providers for more information.

answered Oct 07 '19 at 16:29

Simon

541
1
4
12

Right. So if you are making a purchase on Amazon. And your computer is kept up to date and you run good firewall, etc. There shouldn't be an issue of someone snagging your data. The issue comes in if you are accessing a site that isn't properly secured, then your data could be vulnerable... That was always how I thought about it... – user2429794 Oct 07 '19 at 16:50
This is true when talking about communications only. There is many other risks, for example phishing or storage of the information. Your wife isn't wrong to be worried about online transactions. I'd say there is a minimum of research and knowledge to have to do sensitive things on the internet. – Simon Oct 07 '19 at 17:15
Concern is good. I don't mind the question. But conflating different things together makes it hard to explain why something is more or less safe. She hears horror stories of phones getting hacked, etc. I tell her that "usually" this requires a series of mistakes. Most of these hacks are from using a fake hotspot in public. WE NEVER USE PUBLIC WIFI, because of this very thing. We only use internet that we feel we can trust. – user2429794 Oct 07 '19 at 17:23

score 6 · Answer 4 · answered Oct 08 '19 at 03:40

For HTTPS sites, you should have little to worry about. Most websites especially important sites that handles personally sensitive data like banking and emails are running on HTTPS nowadays.

If you're concerned about people snagging data of the air and are willing to pay a few bucks for the peace of mind, you can use a VPN service. Once configured correctly, VPN directs all traffic to the VPN termination point and encrypts all data between your devices/local network to the termination point. There's no realistic chance of snagging data over the air even when the website don't use HTTPS. The interception point now is the VPN servers, which is usually connected to tier 1 networks via cables or fibers, rather than a wireless network.

It's likely that your satellite service provider might have already have an over-the-air encryption setup on their network. I can't fathom a commercial satellite internet provider that would be so irresponsible as to not use any form of over the air encryption. Like VPN, this would move the practical interception points to the ground based gateways, though that gateway will be one controlled by the satellite internet provider rather than an independent service. Talk to your satellite network provider and find out how they setup their security if you have any concerns.

FWIW, Last time I checked, HughesNet's satellite Internet didn't support using VPN — I suspect because it interferes with their compression scheme. — martineau, Oct 08 '19 at 23:01
@martineau Your comment made me curious so I looked and found https://www.satelliteinternet.com/providers/hughesnet/faqs/ that says *"Technically, you can use a Virtual Private Network (VPN) with your HughesNet internet service, but it likely won’t work very well. Satellite internet technology already causes a lot of lag. A VPN adds an additional stop on the path to and from your network, so it can end up doubling the lag you’re already experiencing with satellite internet."* So there would appear to be no technical restriction on going through a VPN while using their service for connectivity. — user, Oct 09 '19 at 09:29

score 5 · Answer 5 · answered Oct 08 '19 at 22:38

5

If we disregard that all payments should go over https and be encrypted, it would probably be easier to wiretap a cable than intercepting what you send upwards to the satellite.

answered Oct 08 '19 at 22:38

Lenne

229
1
8

1

Well, all that goes up, must come down! Listeners may be able to observe one side of the transmission by pointing an antenna at the satellite. End-to-end encryption is, as others point out, the natural defence. – Toby Speight Oct 09 '19 at 18:09

score 3 · Accepted Answer · answered Oct 10 '19 at 16:10

Many of the answers seem to agree that because you would be using TLS you can rest assured. There seems to be some disagreement between whether landline, wired Internet or satellite Internet is safest.

It's important to mention that TLS has had its share of problems and that TLS interception is possible. The other issue is that a connection from a private residence may or may not be of interest to someone but it's also a question of accessibility and reward for the effort.

User MooseBoys touched on this in a comment to the question:

"It's worth pointing out that the nuclear arsenal of the United States is controlled, in part, via satellite connections.".

User Lie Ryan also brushed against the problem in their answer:

"It's likely that your satellite service provider might have already have an over-the-air encryption setup on their network. I can't fathom a commercial satellite internet provider that would be so irresponsible as to not use any form of over the air encryption. Like VPN, this would move the practical interception points to the ground based gateways, though that gateway will be one controlled by the satellite internet provider rather than an independent service.".

Attack on a country's phone and Internet is a useful military objective but at least part and usually all of the most secure information uses different circuits - I don't want to travel too far down that path because your banking information isn't going that way and you are asking about satellites.

While attack on a country's internal communications is a useful objective for an aggressor to perfect and an active field of study it is space where control is important. Underwater cables (where all landlines travel country to country) have common and fixed entry and exit points, the country where they enter (for forwarding throughout the continent) has physical access to them and prior attacks on them have been documented.

L3Harris advertises equipment to intercept encrypted satellite communications, see their webpage: "Satellite Intercept":

"The proliferation in organised crime, and its interaction with global terrorism, presents challenges for naval, marine, police and security forces. Monitoring, tracking and taking measures to stop the actions of these groups costs both time and money. So ensuring that actions are carried out effectively and efficiently is crucial.

The relative ease of communication between individuals and groups, due to the extensive coverage and availability of Thuraya and Inmarsat satellite networks, means that they are favoured by criminal and subversive groups located in remote or even urban regions.

The ability to intercept and monitor conversations and data transmitted over satellite networks, provides the vital Intelligence which enables detailed and comprehensive analysis and reporting of target activities. This gives the operational commander the ability to search for, intercept, identify and locate potential targets through EW assets, to ultimately win the information battle.".
It is alleged that the Russian satellites Olymp-K (Russian: Олимп-К meaning Olympus) and Luch (Russian: Луч meaning ray and sometimes transliterated as Loutch) have been involved in satellite espionage.
Stratign is another company that advertises satellite intercept systems:

"Satellite Turnkey Interception System

Objective

In today’s challenging security environment, Governments need to monitor conversations, fax and email messages and other data transmitted across satellite networks for national and international communications. Whilst most satellite communications are perfectly legitimate, the extensive geographical coverage provided by satellite communications networks means they are favored by subversive groups in remote regions. Thus, Satellite interception system is a basic requirement for countrywide intelligence collection operations.

...

The Satellite Interception System will provide an automated platform for the Intelligence agencies to conduct passive collection of satellite transported information and achieve plain Voice/ fax and data information. In case the transported information is encrypted, the Satellite Interception system will provide encrypted raw output. Decryption is not part of this system and should be treated as a separate activity altogether.

Satellite Interception System provides its users with a fast Satellite data acquisition and Online Demodulation. The system has a Carrier Interception application integrated for finding new targets and achieving all necessary measurements. The system has been adapted in a manner to perform online DCME Analysis for current and new DCME systems being adapted by various subscribers globally.

Once the Satellite interception system is tuned to any of the satellite uplink and downlink frequency, all satellite information transported by these countries will be present for the interception. The user can then, based on his experience of using the carrier interception system, has to select the channel of the country of interest and tune the receiver to receive that channel of interest. The system will automatically demodulate the satellite signal and adapt the decompression scheme for extracting Voice/Fax and Data outputs for the intelligence operatives to view and act in accordance with the requirements.".

Day to day you shouldn't worry about your banking information or other secured transmissions.

Question: Is it safe to pay bills and access accounts through this? Specifically, should we be be concerned that someone can just snag our signal out of the air and steal our information? I know anything is possible, but is it likely?

A foreign government probably does "steal your information" and almost certainly does nothing with it, so as not to reveal themselves and their success. One day, if there is war, they might send send transactions from many accounts along with interfering with other transmissions in order to bring electronic chaos to the threatened country.

This really isn't something to worry about on a day to day basis, and you are insured against such fraud. Privacy is another issue, do you want what you purchase or which websites you visit to be known, again this probably won't be an issue unless you are famous; and especially if you are a world leader.

score 1 · Answer 7 · answered Oct 08 '19 at 21:41

1

The public internet isn't necessarily safe. However, if you're paying bills on a website that is encrypted with SSL/TLS, you're relatively safe, especially if it's encrypted with TLS 1.2 or TLS 1.3.

answered Oct 08 '19 at 21:41

Sr8120

11
1

score 1 · Answer 8 · answered Oct 09 '19 at 03:35

Provided that your bank website is at an "https" address and your browser is showing you the "lock" symbol, you are safe.

HTTPS encrypts your data so that anybody who might be able to intercept your data cannot decrypt it.

HTTPS also ensures that no third party can interpose between you and your bank (man-in-the-middle) as a way to decrypt your communication. That's what the lock symbol is mostly about - your computer is able to authenticate via a certificate that the site you are connecting to is the site you think it is. As long as the address in the address bar is correct for the bank you are dealing with, and the lock symbol is there, it's authenticated and secure.

The purpose of HTTPS is to allow you to communicate securely over a connection which could be vulnerable to interception.

score 0 · Answer 9 · edited Feb 21 '21 at 08:22

As people have mentioned, it is mandatory that the websites you use for buying things are TLS encrypted and such. As people have also said, no particular type of internet connection (wired, cellular or satellite) is truly secure/without flaws.

That said, I would like to argue that satellite internet is perhaps arguably less safe than typical connection types. I argue this because many providers do not provide a higher layer of encryption between satellite and receiver and therefore anything not encrypted at another layer (such as the HTTP layer) becomes vulnerable.

How is this any different from a more typical connection type you might ask? Whilst there are potential points of vulnerability along the network of a typical connection, they would usually require someone to physically infiltrate part of the network at some point. I.e. some person just sat in his bedroom could not make use of these vulnerabilities. That is not true for some satellite internet providers/connections. It is perfectly plausible that from hundreds, if not thousands of miles away someone could sniff your satellite internet data; because if it's not encrypted, and it's beaming down from space, you aren't the only one that can receive it.

Source: https://www.youtube.com/watch?v=ku0Q_Wey4K0&list=PLG11mNNb3AAkgIHlxMMSj-sSzWjbYhh0W

Whilst you would be extremely unlucky to be caught out in this way, I still think it is inherently more vulnerable than typical connections because of how easily it can be done.

However my recommendation would be to a) always make sure any website you are provider sensitive data on is encrypted with TLS b) use a trusted VPN when using satellite internet.

Since almost any trusted site uses TLS for card transactions these days, I don't think it is your card details that would be most vulnerable. More than likely it would be things such as session tokens and personal messages/information from apps/websites that do not correctly implement encryption methods. And don't be fooled, some of these things can be valuable enough that someone could ultimately steal money from you.

The internet over a cable has no media encryption at all. – schroeder Feb 21 '21 at 08:25 — schroeder, Feb 21 '21 at 08:25

Simon Wainwright · Answer 10 · 2019-10-10T23:17:21.610

-9

Be sure you have a vpn and safety processing apps and a strong virus protection if you use the same password on your accounts ie Fb etc thats a NO in my eyes . Hesitate using your phone for online transactions; if using public wifi yes banks have very high firewalls and high levels of encryption but not all banks use the same say as another so if your bank is not using highest technology you might be a good victim for hackers who sit themselves in the hotspots ready to hack anyone that hasn't got the right security software so credit and identity theft is a massive problem . EDITED

edited Oct 10 '19 at 23:17

answered Oct 08 '19 at 17:52

Simon Wainwright

1
4

11

What is an "internet password"? Why does using phone open someone to credit and identity theft each time? Why wouldn't people use public hotspots and for what? – JiK Oct 08 '19 at 19:02
9

This appears to be fearmongering without any actual evidence or technical basis. It doesn't even make much sense. – Lightness Races in Orbit Oct 09 '19 at 11:36
4

Simon, it's the opposite. Using mobile devices for banking (especially the Apple ones) has been deemed safer than using desktop or laptop devices. This is due to the more closed app ecosystem, the built-in sandboxing and the secured base platform (secure enclave and signed boot sequence). Your iPhone bank app is not likely to connect to a spoofed URL or have their TLS connection intercepted. – Martijn Heemels Oct 09 '19 at 12:04
@Martijn Heemels sorry am New to this and learning so my apologies for the wrong answer – Simon Wainwright Oct 09 '19 at 22:02
@Jik Can I ask do you use you phone in public wifi hotspots ? – Simon Wainwright Oct 09 '19 at 22:19
@SimonWainwright Yes...? Why wouldn't I? – JiK Oct 10 '19 at 07:53
@SimonWainwright No worries. That's how we all learn. – Martijn Heemels Oct 10 '19 at 12:43
I do use my phone on public WiFi hotspots. For any HTTPS connections (such as those from banking apps, Gmail, etc.) you'll be fine in any case. Any non-encrypted connections can be eavesdropped on public WiFi, so as a safety measure I use a VPN app (Encrypt.me in my case) on my phone that automatically encrypts all traffic whenever I'm connected to a network I've not whitelisted. If you do that a public hotspot is as safe as your home network. – Martijn Heemels Oct 10 '19 at 12:48
@jik that's fine that you use it at public hotspots places . Do you just use it for general browsing and do you have all the security protection that makes public hotspots and connections to your phone safe – Simon Wainwright Oct 10 '19 at 23:08
@SimonWainwright I use mostly secure connections, and when I don't, I generally assume that everything I do is open for eavesdropping and tampering anyway no matter how I'm connected to Internet. – JiK Oct 11 '19 at 11:09

Is it safe to pay bills over satellite internet?

10 Answers10

Linked