https://spectrum.ieee.org/iridium-satellite

[                    ]

IEEE.orgIEEE Xplore Digital LibraryIEEE StandardsMore Sites
Sign InJoin IEEE
 
White Hat Hackers Expose Iridium Satellite Security Flaws
Share
FOR THE TECHNOLOGY INSIDER
Search: [                    ]
Explore by topic
AerospaceAIBiomedicalClimate TechComputingConsumer ElectronicsEnergy
History of TechnologyRoboticsSemiconductorsTelecommunications
Transportation
IEEE Spectrum
FOR THE TECHNOLOGY INSIDER

Topics

AerospaceAIBiomedicalClimate TechComputingConsumer ElectronicsEnergy
History of TechnologyRoboticsSemiconductorsTelecommunications
Transportation

Sections

FeaturesNewsOpinionCareersDIYEngineering Resources

More

NewslettersSpecial ReportsCollectionsExplainersTop Programming
LanguagesRobots Guide /IEEE Job Site /

For IEEE Members

Current IssueMagazine ArchiveThe InstituteThe Institute Archive

For IEEE Members

Current IssueMagazine ArchiveThe InstituteThe Institute Archive

IEEE Spectrum

About UsContact UsReprints & Permissions /Advertising /

Follow IEEE Spectrum

        

Support IEEE Spectrum

IEEE Spectrum is the flagship publication of the IEEE -- the world's
largest professional organization devoted to engineering and applied
sciences. Our articles, podcasts, and infographics inform our readers
about developments in technology, engineering, and science.
Join IEEE
Subscribe
About IEEEContact & SupportAccessibilityNondiscrimination PolicyTerms
IEEE Privacy PolicyCookie PreferencesAd Privacy Options
(c) Copyright 2025 IEEE -- All rights reserved. A public charity, IEEE
is the world's largest technical professional organization dedicated
to advancing technology for the benefit of humanity.
 

Enjoy more free content and benefits by creating an account

Saving articles to read later requires an IEEE Spectrum account

The Institute content is only available for members

Downloading full PDF issues is exclusive for IEEE Members

Downloading this e-book is exclusive for IEEE Members

Access to Spectrum 's Digital Edition is exclusive for IEEE Members

Following topics is a feature exclusive for IEEE Members

Adding your response to an article requires an IEEE Spectrum account

Create an account to access more content and features on IEEE
Spectrum , including the ability to save articles to read later,
download Spectrum Collections, and participate in conversations with
readers and editors. For more exclusive content and features,
consider Joining IEEE .

Join the world's largest professional organization devoted to
engineering and applied sciences and get access to all of Spectrum's
articles, archives, PDF downloads, and other benefits. Learn more
about IEEE -

Join the world's largest professional organization devoted to
engineering and applied sciences and get access to this e-book plus
all of IEEE Spectrum's articles, archives, PDF downloads, and other
benefits. Learn more about IEEE -

CREATE AN ACCOUNTSIGN IN
JOIN IEEESIGN IN
Close

Access Thousands of Articles -- Completely Free

Create an account and get exclusive content and features: Save
articles, download collections, and talk to tech insiders -- all free!
For full access and benefits, join IEEE as a paying member.

CREATE AN ACCOUNTSIGN IN
TelecommunicationsAerospaceNews

White Hat Hackers Expose Iridium Satellite Security Flaws

Users' locations and texts can be intercepted, including DoD
employees

Tereza Pultarova
12 Feb 2025
4 min read

Collage of the Iridium 8 mission's rocket launch and an Iridium
satellite.

Iridium was the first commercial commercial satellite communications
service, and its legacy systems still allow for some security gaps,
as white hat hackers recently revealed.

Original photos: SpaceX; National Air and Space Museum

In a recent demonstration, German white hat hackers showed how to
intercept text messages sent via the U.S. satellite communication
system Iridium and locate users with an accuracy of about 4
kilometers.

The twohackers, known publicly only under the nicknames Sec and
Schneider, made the revelations during a presentation at the Chaos
Communication Congress in late December in Hamburg, Germany. During
the talk, they highlighted severe vulnerabilities in services that
tens of thousands of users from the U.S. Department of Defense rely
on.

Although the DoD uses a secure gateway to route and encrypt its
traffic, the hackers were able to see which devices were connecting
via the DoD pathway. That allowed the duo to identify and locate DoD
users with an accuracy of about 4 km using a home-assembled
eavesdropping kit consisting of a commercially available Iridium
antenna, a software-defined radio receiver and a basic computer, such
as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.

"We see devices that register with the DoD service center and then we
can find their positions from these registrations," Sec said during
the talk. "You don't have to see the communication from the actual
phone to the network, you just see the network's answer with the
position, and you then can map where all the registered devices are."

Iridium's Legacy Components Still Cause Problems

The Iridium constellation, first deployed in the late 1990s, is made
up of 66 satellites disbursed across six orbital planes roughly 870
km above Earth. The constellation, the first to have provided global
commercial satellite communications services, supports satellite
telephony and connects pagers, emergency beacons, and Internet of
Things devices all over the world. Out of Iridium's 2.3 million
subscribers, 145,000 are U.S. government customers. Iridium receivers
are also frequently used by vessels at sea and by aircraft pilots
exchanging information with other airplanes and with ground control.

"Back then encryption was not something on everyone's mind," Sec said
during the presentation. "All the [first generation] Iridium data is
unencrypted." (Iridium didn't respond to a request to comment.)

Iridium replaced its first-generation fleet with more secure
satellites (the second-generation NEXT constellation) between 2017
and 2019. But according to satellite and telecommunications industry
analyst Christian von der Ropp, many Iridium devices in use today,
including civilian satellite phones, still rely on the
first-generation Iridium radio protocol that has no encryption.

"The regular satellite phones that they sell still operate under the
old legacy protocol," says von der Ropp. "If you buy a brand-new
civilian Iridium phone, it still operates using the 30-year-old radio
protocol, and it is subject to the same vulnerability. So, you can
intercept everything. You can listen to the voice calls, you can read
SMS, absolutely everything. Out of the box it's a totally unsecure
service."

Von der Ropp estimates that tens or even hundreds of thousands of
Iridium devices in use today rely on the old, unsecured radio
protocol.

Hackers Reveal Vulnerabilities in Iridium's Systems

While the DoD uses an extra layer of encryption to protect the
content of its exchanges, other nations' agencies appear to be less
aware of the vulnerabilities. In perhaps the most jaw-dropping moment
of the hacking demonstration, Sec revealed a text message exchanged
between two employees of the German Foreign Office that he and
Schneider were able to intercept.

"I need a good doctor in [Tel Aviv] who can also look at gunshot
wounds. Can you send me a number ASAP," read the message sent by a
worker at the Crisis Response Center of the German Foreign Office's
mission in Tel Aviv. The hackers did not reveal when the exchange had
taken place.

Using software he and Schneider had created, Sec also showed a map of
devices visible in a single moment to their eavesdropping gear
located in Munich. Iridium devices as far as London, central Norway
and Syria (more than 3,000 km away) could be seen.

"With US $400 worth of equipment and freely available software, you
can start right away intercepting Iridium communications in an area
with a diameter of hundreds, sometimes even thousands of kilometers,"
said von der Ropp, who was present at the demonstration. "The Iridium
signal is divided into spot beams that are about 400 km wide. In
principle, one should only be able to listen to the spot beam
overhead. But the signal is so strong that you can also detect many
of the surrounding spot beams, sometimes up to 2,000 km away."

The DoD, von der Ropp said, is looking for alternatives to Iridium,
including Starlink. Still, last year Iridium won a $94 million
contract to provide communication services to the U.S. Space Force.

Von der Ropp noted that few Iridium users seemed to be active in
Ukraine, suggesting the local forces are potentially aware of
Iridium's shortcomings. The vulnerability of satellite systems and
services to disruption and interference by bad actors has become a
hot topic since Russia's invasion of the country three years ago. The
widespread cyberattack on the ground infrastructure of satellite
communication provider Viasat crippled the Ukrainian forces' access
to satcom services on the eve of the invasion. The incident, which
according to analysts was planned by Russian state-backed hackers for
months, revealed the weakness of Viasat's cyber defenses.

Since then, the number of cyberattacks on satcom providers has
increased exponentially. Global navigation and positioning satellite
systems such as GPS have also been put to the test. Signal jamming is
now a regular occurrence even outside conflict zones and instances of
sophisticated spoofing attacks, designed to confuse users and send
them to wrong locations, are becoming increasingly common.

From Your Site Articles

  * Controversial Satellite-Messaging Startup Higher Ground Cleared
    for Takeoff >
  * A DIY Tracker Tough Enough for the Arctic >

Related Articles Around the Web

  * CCC | Home >
  * Iridium Satellite Communications | Your World. Our Network. >

satellite communicationssatellitesiridiumhackingsecurity
Tereza Pultarova
 
The Conversation (0)
A smiling man has a laptop open in front of him with the OpenAI logo
on it. The laptop is connected to a screen behind the man that shows
text.
AINewsConsumer Electronics

Are You Ready to Let an AI Agent Use Your Computer?

8h
4 min read
Steve Temple showing a small, coin-sized SpiNNaker chip to Steve
Furber. Behind them is a screen showing a labelled plot of the chip
itself.
ComputingAIInterview

Brain-inspired Computing Is Ready for the Big Time

9h
6 min read
Illustration of planet Earth, surrounded by icons representing the
six core values of IEEE's strategic plan.
The InstituteIEEE Member NewsCareersNews

IEEE Unveils the 2025-2030 Strategic Plan

12 Feb 2025
2 min read

Related Stories

AerospaceNewsTelecommunications

Indian Startup Plans to Build Ultra-Low Orbit Satellite

AerospaceNews

Miniature Sun-Watcher Completes 3-Year Mission

AerospaceNews

European Satellite Burns Up for Science