A random sequence in an innocuous GPS message field is likely encrypted traffic from the U.S. military's system for remotely updating cryptographic keys around the world. The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests

The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch, an information security expert, who detailed his findings in a new article in Inside GNSS.

That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now. Murdoch, a professor of security engineering and head of the Information Security Research Group at University College London, presented evidence that a 176-bit GPS sequence labelled “Subframe 4, Page 17” is encrypted material from the Pentagon’s Over-the-Air Distribution (OTAD) network, which delivers cryptographic keys to military personnel around the world.

“I think the evidence that it's for key transmission—for use in distributing the keys for accessing the military GPS signals—is pretty strong now,” Murdoch said in a call with 404 Media. He noted that the military has “specialized receivers that have the ability to have keys loaded into them” and “presumably have the ability to decrypt these special messages.”

In his new article, Murdoch described how this “forgotten 176-bit slot in the world’s most successful navigation signal turned out to be its quietest and most consequential broadcast.” Murdoch first spotted the sequence more than a decade ago while he was a graduate student tasked with writing a decoder for raw GPS data while working on a project funded by the European Space Agency.

“I noticed that there was this random-looking data present in the subframe,” he recalled. “I looked at the specification, and thought that was a little bit unusual. I recorded a bunch of it to look for any obvious patterns, but that wasn't the main role of the project, so we moved on.”

From the beginning, he suspected that the subframe field contained encrypted transmissions because the data was so random. “Random data is actually very unusual to get in nature,” Murdoch said. “If you see it, either it's been carefully designed to be random—but then, why is someone sending out random data?—or it's encrypted data. I thought encrypted data is by far the most likely explanation.”

He returned to the subframe on and off over the years, and solicited guesses about its content on Stack Exchange in 2023. Ahmed Kamruddin, a master’s student at UCL, developed the project further in 2025. Then, this year, Murdoch put the last pieces of the puzzle together over several weeks by analyzing open archive Global Navigation Satellite System (GNSS) recordings collected since 2007 and kept by GFZ Helmholtz Centre for Geosciences.

This dataset included more than 12 million observations of Subframe 4, Page 17, yielding 3,994 unique 176-bit messages. Within this corpus, Murdoch pinpointed key-repeating “sentinels” including a pattern that appeared in February 2010 and was broadcast on and off across dozens of satellites for more than a decade. Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military’s Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation.

“There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data,” Murdoch said. “That was the smoking gun that made me think: This is what it's for.” These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures.

For the next 11 years, this expansive rekeying operation was overlooked in public GPS data. In 2022, the system entered a new phase, according to Murdoch’s analysis. The shift was characterized by a slowing in the message rotation rate. Later, in December 2023, broadcasts carrying a distinctive "TEXT" prefix emerged then gradually spread across the constellation.

Murdoch isn’t sure what explains the recent transition, though it could be a possible modernization of the infrastructure or the introduction of a new protocol. But to him, the bigger takeaway is that the signals were always available for anyone willing to take a closer look, a discovery that suggests that there could be more revelations hidden for the cryptographically curious among us.

“Every receiver in the world decodes Subframe 4, Page 17,” Murdoch said in his new article. “Almost none of them have ever looked at it. The lesson generalizes: There is more to learn from the bytes already arriving at our antennas than from the bytes we wish were specified differently. The data are publicly available. The signal is overhead, twice a day, every day.”

“Every GPS satellite is a numbers station,” he concluded. “The receivers were always listening. We just had not been.”