White Hat Hackers Expose Iridium Satellite Security Flaws
32 comments
·February 13, 2025thunder-blue-3
harrall
Iridium and other satellite companies also went bankrupt and their satellites were going to be de-orbited until the US Government bailed them out in the 2000s. They couldn’t get enough customers to support enough launches.
Terrestrial networks in the meantime have only gotten better and improved coverage. Not that many customers, relatively, need satellite comms.
Now SpaceX is eating their lunch.
I don’t think the market for satellite comms has ever been big enough for a pure-satellite company to get enough money to do something cool. SpaceX can afford the R&D because they are a little more diversified.
mschuster91
> They couldn’t get enough customers to support enough launches.
No surprise, the only usecases back then for the price that Iridium and others commanded were SAR, a few military/secret service style use cases and execs who deem themselves to be of such importance that they need to be reachable on the globe 24/7 even if they are just taking a flight over the Atlantic or on a cruise ship, and Iridium can't be reasonably used for much more than that.
> Now SpaceX is eating their lunch.
Partially due to physics. Latency on Starlink is reportedly low enough to run online games or telephony and the bandwidth high enough to allow for video streaming in the outback, which makes the potential market size muuuuch bigger so the price point can be lowered enough to be competitive with landline DSL of all things.
The problem is, SpaceX isn't something that the US government can rely on forever. For now, its leader is in good standing with the 47th, but that may change overnight (it has happened with either of these characters before and both have quite the large egos that will collide rather sooner than later). And what to do then?
null
irish_john
>Now SpaceX is eating their lunch. Fact Check Time! Iridium stock jumped 15% today, because their 4Q earnings vastly beat expectations. They earned $0.31 per share versus expectations of $0.16 Their Revenue grew 9% Year over Year to $213 million
morgango
Iridium, that is a name I've not heard in a long time.
IMHO, the worst places to be are organizations that were supposed to change the world, but didn't, and don't quite get it.
Your experience totally tracks with that.
bathtub365
They set up global satellite communications over 20 years ago. They did change the world.
jandrese
This seems like it should be totally expected. Iridium's engineering efforts are largely in the past, they're purely in the revenue extraction mode at this point. Your job description is basically just "maintain obsolete legacy system just enough to make money."
glitchc
Starlink ate Iridium's lunch. Any benefits Iridium was supposed to provide are currently achieved by Starlink.
martinsnow
Sadly I expect them to be at the stage of no relevance. Just enough that as another commenter said it could make some money but satellites have no business value.
wcfields
Their value is the niche of being able to work at the poles, unlike any other constellation, despite being dialup speed.
martinsnow
But how can you translate that to dollars today?
vvillena
"Eccentric Orbits: The Iridium Story" by John Bloom is a must-read for anyone remotely interested in satellites, communication networks, or corporate management. The project achieved several outstanding engineering feats, then fumbled into an almost unrecoverable position, then rose from the ashes into the small niche it holds today.
Plus, "Early calculations showed that 77 satellites would be needed, hence the name Iridium", is an eternally cool piece of trivia.
halper
I concur: was a very good read! Can wholeheartedly recommend.
flarzzarp
My guess is, that similar flaws have been known and exploited for ages. I doubt that iridium was ever truly safe to begin with. I was recently looking into renting an iridium satellite modem and while doing so, I found a pdf on some shady private intelligence agencies website that documented a tool to intercept calls and messages as well as locating users of the network. The screenshots looked like a late 90s, early 2000s windows ui and talked about special radio equipment that the tool interfaces with.
Search for "Iridium Interception System reference manual pdf"
palmotea
> I found a pdf on some shady private intelligence agencies website that documented a tool to intercept calls and messages as well as locating users of the network. ... Search for "Iridium Interception System reference manual pdf"
This? https://pegasusintelligence.com/docs/iridium-monitoring-syst...
> The screenshots looked like a late 90s, early 2000s windows ui and talked about special radio equipment that the tool interfaces with.
Mid-2000s. A lot of them have dates, and they're all Jan/Feb 2007.
null
firesteelrain
This has been known for a while. You can buy the RTL-SDR Blog antenna on Amazon:
1. https://www.amazon.com/RTL-SDR-Blog-1525-1637-Inmarsat-Iridi...
2. https://www.youtube.com/watch?v=V_jDTs79kq8
3. https://www.youtube.com/watch?v=PKO8hgtJUZ0
4. https://www.youtube.com/watch?v=2-mPaUwtqnE
5. https://www.rtl-sdr.com/talk-decoding-data-from-iridium-sate...
jlg23
I assume the article is based on this presentation at 38c3: https://media.ccc.de/v/38c3-investigating-the-iridium-satell...
0xbadcafebee
As Sec said in 2015, "The problem isn't that Iridium has poor security. It's that it has no security."
schiffern
>Users' locations and texts can be intercepted, including DoD employees
If this was Starlink, you're kidding yourself if you think this wouldn't be dominating an entire news cycle, and then transition into an endlessly repeated mob refrain.
Since it's not, I expect crickets.
I yearn for the old days when the default media slant and popular reach of tech news wasn't merely a function of its proximity to Elon Musk.
rafram
Starlink has 4.6 million users, an extremely rapid growth rate, and an outspoken owner who’s currently in the news for causing what amounts to a massive cybersecurity breach. Iridium has fewer than half as many users and it and its leadership are not household names.
I was once offered an engineering manager position at iridium (which i discussed here https://news.ycombinator.com/item?id=41748519)-- that entire company is a race to reduce the bottom line. They offered me (an engineering manager to 5 engineers) a lower salary than I was offered as a new grad. Also their talent pipeline is quite stale, most of the engineers on my prospective team were at the org for 10-20 years. For such an interesting aspect of technology, it's ashame they can't attract more talent, such an untapped market low earth orbit satellite networks are...