The emergent direct-to-cell Low-Earth Orbit (LEO) satellite mega-constellations promise ubiquitous LTE/5G access for our commodity phones and IoTs without terrestrial base stations. While their extreme scale and mobility help tolerate diverse attacks, we show that both new features are exploitable to amplify signaling protocol vulnerabilities inherited from LTE/5G and obfuscate attacks to threaten satellite services. We showcase this with SatOver, a control-plane cross-layer attack that lets a greedy terrestrial operator or a man-in-the-middle attacker block all direct-to-cell satellites in urban areas. SatOver can reuse terrestrial LTE/5G base stations or deploy commodity software-defined radios as false satellites, stealthily hijack victim devices, delay their satellite access, stop them from probing other satellites, and block the entire mega-constellation. Our real-world satellite tests, lab tests with commodity 3GPP NR/IoT-NTN stacks, and operational trace-driven emulation validate SatOver’s viability for attacking COTS and upcoming NTN phones/IoTs. We discuss potential defenses against SatOver’s attack amplification/obfuscation.