Hackers Expose Iridium Satellite Security Issues

Although the DoD uses a secure gateway to route and encrypt its traffic, the hackers were able to see which devices were connecting via the DoD pathway. That allowed the duo to identify and locate DoD users with an accuracy of about 4 km using a home-assembled eavesdropping kit consisting of a commercially available Iridium antenna, a software-defined radio receiver and a basic computer, such as the Intel N100 mobile CPU or the Raspberry Pi mini-computer.

“We see devices that register with the DoD service center and then we can find their positions from these registrations,” Sec said during the talk. “You don’t have to see the communication from the actual phone to the network, you just see the network’s answer with the position, and you then can map where all the registered devices are.”

Iridium’s Legacy Components Still Cause Problems

The Iridium constellation, first deployed in the late 1990s, is made up of 66 satellites disbursed across six orbital planes roughly 870 km above Earth. The constellation, the first to have provided global commercial satellite communications services, supports satellite telephony and connects pagers, emergency beacons, and Internet of Things devices all over the world. Out of Iridium’s 2.3 million subscribers, 145,000 are U.S. government customers. Iridium receivers are also frequently used by vessels at sea and by aircraft pilots exchanging information with other airplanes and with ground control.

“Back then encryption was not something on everyone’s mind,” Sec said during the presentation. “All the [first generation] Iridium data is unencrypted.”

In response to a request for comment, a spokesperson from Iridium says, “This is old news. The DoD and others encrypt their communications over our network which address the issues this article raises. There is a reason the DoD continues to be such a big customer and we expect that to continue well into the future. We have always allowed others to encrypt their traffic over our network. Our commercial partners have been doing the same for decades, when and where the markets request it.”

Iridium replaced its first-generation fleet with more secure satellites (the second-generation NEXT constellation) between 2017 and 2019. But according to satellite and telecommunications industry analyst Christian von der Ropp, many Iridium devices in use today, including civilian satellite phones, still rely on the first-generation Iridium radio protocol that has no encryption.

“The regular satellite phones that they sell still operate under the old legacy protocol,” says von der Ropp. “If you buy a brand-new civilian Iridium phone, it still operates using the 30-year-old radio protocol, and it is subject to the same vulnerability. So, you can intercept everything. You can listen to the voice calls, you can read SMS, absolutely everything. Out of the box it’s a totally unsecure service.”

Von der Ropp estimates that tens or even hundreds of thousands of Iridium devices in use today rely on the old, unsecured radio protocol.

Hackers Reveal Vulnerabilities in Iridium’s Systems

While the DoD uses an extra layer of encryption to protect the content of its exchanges, other nations’ agencies appear to be less aware of the vulnerabilities. In perhaps the most jaw-dropping moment of the hacking demonstration, Sec revealed a text message exchanged between two employees of the German Foreign Office that he and Schneider were able to intercept.

“I need a good doctor in [Tel Aviv] who can also look at gunshot wounds. Can you send me a number ASAP,” read the message sent by a worker at the Crisis Response Center of the German Foreign Office’s mission in Tel Aviv. The hackers did not reveal when the exchange had taken place.

Using software he and Schneider had created, Sec also showed a map of devices visible in a single moment to their eavesdropping gear located in Munich. Iridium devices as far as London, central Norway and Syria (more than 3,000 km away) could be seen.

“With US $400 worth of equipment and freely available software, you can start right away intercepting Iridium communications in an area with a diameter of hundreds, sometimes even thousands of kilometers,” said von der Ropp, who was present at the demonstration. “The Iridium signal is divided into spot beams that are about 400 km wide. In principle, one should only be able to listen to the spot beam overhead. But the signal is so strong that you can also detect many of the surrounding spot beams, sometimes up to 2,000 km away.”

The DoD, von der Ropp said, is looking for alternatives to Iridium, including Starlink. Still, last year Iridium won a $94 million contract to provide communication services to the U.S. Space Force.

Von der Ropp noted that few Iridium users seemed to be active in Ukraine, suggesting the local forces are potentially aware of Iridium’s shortcomings. The vulnerability of satellite systems and services to disruption and interference by bad actors has become a hot topic since Russia’s invasion of the country three years ago. The widespread cyberattack on the ground infrastructure of satellite communication provider Viasat crippled the Ukrainian forces’ access to satcom services on the eve of the invasion. The incident, which according to analysts was planned by Russian state-backed hackers for months, revealed the weakness of Viasat’s cyber defenses.

Since then, the number of cyberattacks on satcom providers has increased exponentially. Global navigation and positioning satellite systems such as GPS have also been put to the test. Signal jamming is now a regular occurrence even outside conflict zones and instances of sophisticated spoofing attacks, designed to confuse users and send them to wrong locations, are becoming increasingly common.

This story was updated on 14 February 2025 to add a statement from Iridium.