[HN Gopher] White Hat Hackers Expose Iridium Satellite Security ...
___________________________________________________________________
White Hat Hackers Expose Iridium Satellite Security Flaws
Author : Brajeshwar
Score : 115 points
Date : 2025-02-13 16:23 UTC (6 hours ago)
(HTM) web link (spectrum.ieee.org)
(TXT) w3m dump (spectrum.ieee.org)
| thunder-blue-3 wrote:
| I was once offered an engineering manager position at Iridium
| (which I discussed here
| https://news.ycombinator.com/item?id=41748519)-- that entire
| company is a race to reduce the bottom line. They offered me (an
| engineering manager to 5 engineers) a lower salary than I was
| offered as a new grad. Also their talent pipeline is quite stale,
| most of the engineers on my prospective team were at the org for
| 10-20 years. For such an interesting aspect of technology, it's
| a shame they can't attract more talent, such an untapped market
| low earth orbit satellite networks are...
| morgango wrote:
| Iridium, that is a name I've not heard in a long time.
|
| IMHO, the worst places to be are organizations that were
| supposed to change the world, but didn't, and don't quite get
| it.
|
| Your experience totally tracks with that.
| bathtub365 wrote:
| They set up global satellite communications over 20 years
| ago. They did change the world.
| jandrese wrote:
| This seems like it should be totally expected. Iridium's
| engineering efforts are largely in the past, they're purely in
| the revenue extraction mode at this point. Your job description
| is basically just "maintain obsolete legacy system just enough
| to make money."
| martinsnow wrote:
| Sadly I expect them to be at the stage of no relevance. Just
| enough that as another commenter said it could make some money
| but satellites have no business value.
| wcfields wrote:
| Their value is the niche of being able to work at the poles,
| unlike any other constellation, despite being dialup speed.
| martinsnow wrote:
| But how can you translate that to dollars today?
| glitchc wrote:
| Starlink ate Iridium's lunch. Any benefits Iridium was supposed
| to provide are currently achieved by Starlink.
| moolcool wrote:
| Maybe specialty hardware? Are there handsets yet which can
| connect to starlink?
| albroland wrote:
| iPhone, most notably.
| moolcool wrote:
| Starlink Direct to Cell is not available yet
| flutas wrote:
| I have it on my Pixel 9 Pro XL right now and have had it
| since the end of January. Worked well so far for me in
| the country where Tmo typically has had dead spots, if
| not a little slow.
|
| https://i.imgur.com/wrl5KLf.png
| moolcool wrote:
| That is just texting though, not voice or data.
| schiffern wrote:
| Let's not move goalposts. It's still undeniably both
| "Starlink" and "Direct To Cell," so I would say that
| Starlink Direct To Cell is indeed available.
| moolcool wrote:
| Moving the goalposts? The point I was refuting was "Any
| benefits Iridium was supposed to provide are currently
| achieved by Starlink", but Iridium offers services today
| which Starlink does not.
| keyme wrote:
| Is it 5G only or does LTE also work?
| jandrese wrote:
| It's only for texting so it doesn't really matter. That
| said Iridium is so slow it's mostly only useful for
| texting type situations as well. Even the voice is so
| heavily compressed and laggy as to be mildly unpleasant
| to use.
| windexh8er wrote:
| Much more than iPhone. From T-Mobile's FAQ [0]:
|
| Apple iPhone 14 and later (including Plus, Pro & Pro
| Max), Google Pixel 9 (including Pro, Pro Fold, & Pro XL),
| Motorola 2024 and later (including razr, razr+, edge and
| g series), Samsung Galaxy A14, A15, A16, A35, A53, A54,
| Samsung Galaxy S21 and later (including Plus, Ultra and
| Fan Edition), Samsung Galaxy X Cover6 Pro, Samsung Galaxy
| Z Flip3 and later, Samsung Galaxy Z Fold3 and later and
| REVVL 7 (including Pro)
|
| [0] https://www.t-mobile.com/coverage/satellite-phone-service?ic...
| harrall wrote:
| Iridium and other satellite companies also went bankrupt and
| their satellites were going to be de-orbited until the US
| Government bailed them out in the 2000s. They couldn't get
| enough customers to support enough launches.
|
| Terrestrial networks in the meantime have only gotten better
| and improved coverage. Not that many customers, relatively,
| need satellite comms.
|
| Now SpaceX is eating their lunch.
|
| I don't think the market for satellite comms has ever been big
| enough for a pure-satellite company to get enough money to do
| something cool. SpaceX can afford the R&D because they are a
| little more diversified.
| mschuster91 wrote:
| > They couldn't get enough customers to support enough
| launches.
|
| No surprise, the only use cases back then for the price that
| Iridium and others commanded were SAR, a few military/secret
| service style use cases and execs who deem themselves to be
| of such importance that they need to be reachable on the
| globe 24/7 even if they are just taking a flight over the
| Atlantic or on a cruise ship, and Iridium can't be reasonably
| used for much more than that.
|
| > Now SpaceX is eating their lunch.
|
| Partially due to physics. Latency on Starlink is reportedly
| low enough to run online games or telephony and the bandwidth
| high enough to allow for video streaming in the outback,
| which makes the potential market size muuuuch bigger so the
| price point can be lowered enough to be competitive with
| _landline DSL_ of all things.
|
| The problem is, SpaceX isn't something that the US government
| can rely on forever. _For now_, its leader is in good
| standing with the 47th, but that may change overnight (it has
| happened with either of these characters before and _both_
| have quite the large egos that will collide rather sooner
| than later). And what to do then?
| erinaceousjones wrote:
| The other use case has been oceanographic sensors and
| moorings, and GPS tags on things. Iridium RUDICS gets you
| verrrry slow dialup connections to things and Iridium Short
| Burst Data gets you ~1800 byte messages sent 'mailbox'
| style. We use Iridium for sending them commands but also a
| surprising amount of useful data can be stuffed into those
| ~28k connections and 1800 byte payloads.
|
| Argo floats use them, Slocum gliders and Seagliders use
| them (underwater AUVs). There's lots of Iridium resellers
| out there and small companies offering backup GPS tags like
| RocksBlocks and Novatech and Argos (not to be confused
| with Argo, or Argos the brand).
|
| We get enough data back to build up vertical profiles of
| the water column down to like 6000m depth with enough
| resolution that scientists can pick out physical chemical
| and biological features of interest. We communicate with
| the AUVs every couple of hours on average and they are
| operating all year round. I think there's probably a couple
| thousand underwater-glider style AUVs and a couple thousand
| Argo floats being used in total by the world's
| oceanographic institutes, meteorological institutes,
| militaries and coastguards etc.
|
| It's a small niche, but a small niche that's been
| collectively using Iridium for the best part of over 2
| decades now and one that is very conservative about
| change.... Like extraplanetary rovers with radiation
| hardened hardware, deep sea pressure tested robots use
| tried and tested stuff so we're a long ways off switching
| to higher bandwidth alternatives... Especially since
| Iridium comms are very low power and the modems are easy to
| integrate into things.. tiny boards which accept AT
| commands over serial.
|
| It does not surprise me at all that security flaws have been
| found in Iridium. Most of our applications of it don't even
| consider security, the hardware itself rarely offers
| encryption, and old-school Iridium RUDICS requires you to
| open up a raw TCP port on a server open to the internet for
| your satellite devices to dial into in RUDICS mode, and if
| you're using SBD you're sending plaintext emails back and
| forth to the Iridium gateway service. The whole thing is
| very "security is not our problem" which means _nobody_
| thinks about it. I believe the military versions of one of
| the underwater glider AUVs has a login prompt now lol, but
| still sends unencrypted passwords over the plaintext RUDICS
| connection.
| irish_john wrote:
| > Now SpaceX is eating their lunch.
|
| Fact Check Time! Iridium stock jumped 15% today, because their 4Q
| earnings vastly beat expectations. They earned $0.31 per share
| versus expectations of $0.16. Their Revenue grew 9% Year over Year
| to $213 million.
| vvillena wrote:
| "Eccentric Orbits: The Iridium Story" by John Bloom is a must-
| read for anyone remotely interested in satellites, communication
| networks, or corporate management. The project achieved several
| outstanding engineering feats, then fumbled into an almost
| unrecoverable position, then rose from the ashes into the small
| niche it holds today.
|
| Plus, "Early calculations showed that 77 satellites would be
| needed, hence the name Iridium", is an eternally cool piece of
| trivia.
| halper wrote:
| I concur: was a very good read! Can wholeheartedly recommend.
| jlg23 wrote:
| I assume the article is based on this presentation at 38c3:
| https://media.ccc.de/v/38c3-investigating-the-iridium-satell...
| flarzzarp wrote:
| My guess is that similar flaws have been known and exploited for
| ages. I doubt that Iridium was ever truly safe to begin with. I
| was recently looking into renting an Iridium satellite modem and
| while doing so, I found a pdf on some shady private intelligence
| agency's website that documented a tool to intercept calls and
| messages as well as locating users of the network. The
| screenshots looked like a late 90s, early 2000s windows ui and
| talked about special radio equipment that the tool interfaces
| with.
|
| Search for "Iridium Interception System reference manual pdf"
| palmotea wrote:
| > I found a pdf on some shady private intelligence agency's
| website that documented a tool to intercept calls and messages
| as well as locating users of the network. ... Search for
| "Iridium Interception System reference manual pdf"
|
| This? https://pegasusintelligence.com/docs/iridium-monitoring-syst...
|
| > The screenshots looked like a late 90s, early 2000s windows
| ui and talked about special radio equipment that the tool
| interfaces with.
|
| Mid-2000s. A lot of them have dates, and they're all Jan/Feb
| 2007.
| schiffern wrote:
| >Users' locations and texts can be intercepted, including DoD
| employees
|
| Leaking DoD operator locations? Yikes!
|
| If this was Starlink, you're kidding yourself if you think this
| wouldn't be dominating an entire news cycle, and then transition
| into an endlessly repeated mob refrain.
|
| Since it's not, I expect crickets.
|
| I yearn for the old days when the default media slant and popular
| reach of tech news wasn't merely a function of its proximity to
| Elon Musk.
| rafram wrote:
| Starlink has 4.6 million users, an extremely rapid growth rate,
| and an outspoken owner who's currently in the news for causing
| what amounts to a massive cybersecurity breach. Iridium has
| fewer than half as many users and it and its leadership are not
| household names.
| firesteelrain wrote:
| This has been known for a while. You can buy the RTL-SDR Blog
| antenna on Amazon:
|
| 1. https://www.amazon.com/RTL-SDR-Blog-1525-1637-Inmarsat-Iridi...
|
| 2. https://www.youtube.com/watch?v=V_jDTs79kq8
|
| 3. https://www.youtube.com/watch?v=PKO8hgtJUZ0
|
| 4. https://www.youtube.com/watch?v=2-mPaUwtqnE
|
| 5. https://www.rtl-sdr.com/talk-decoding-data-from-iridium-sate...
| 0xbadcafebee wrote:
| As Sec said in 2015, _"The problem isn't that Iridium has poor
| security. It's that it has no security."_
___________________________________________________________________
(page generated 2025-02-13 23:01 UTC)